[Full-disclosure] HP Virtual Rooms WebHPVCInstall Control Multiple Buffer Overflows
elazar at hushmail.com
Tue Jan 22 07:37:47 GMT 2008
HP Virtual Rooms is a suite of online collaboration, training and
HP uses an ActiveX control to install the Virtual Rooms client.
Several properties including AuthenticationURL, PortalAPIURL,
cabroot are vulnerable to a buffer overflow.
hpvirtualrooms14.dll version 220.127.116.11
HP Virtual Rooms Install
It appears that this control is only used during the installation
process on the Virtual Rooms client. Set the killbit for this
control, see http://support.microsoft.com/kb/240797.
Discount Online Trading - Click Now!
Full-Disclosure is hosted and sponsored by Secunia.