The HP Mercury Interactive Quality Center Spider Module ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
HP Mercury Interactive Quality Center includes an ActiveX control called Spider Module. It is provided by the file Spider.ocx or Spider90.ocx. This ActiveX control contains a stack buffer overflow in the ProgColor property.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause the web browser to crash.
Apply a patch
Apply a patch, as specified in HP Security Bulletin c00901872.
This vulnerability was reported by Will Dormann, of CERT/CC. It was also independently discovered by Eric Detoisien, and Titon & Ri0t of Bastard Labs.
This document was written by Will Dormann.
|Date First Published:||2007-04-12|
|Date Last Updated:||2007-04-14 16:04 UTC|