Buffer Overflow in SPIDERLib.Loader ActiveX Control for Mercury Quality Center
CVE-2007-1819

Currently unrated

Key Information:

Vendor: HP
Status: Mercury Quality Center
Vendor: CVE Published:; 2 April 2007

What is CVE-2007-1819?

The SPIDERLib.Loader ActiveX control (Spider90.ocx) is susceptible to a stack-based buffer overflow that could allow an attacker to execute arbitrary code remotely. This vulnerability affects specific versions of Mercury Quality Center prior to designated patches. By sending a specially crafted long ProgColor property to the control, an attacker might exploit this flaw and gain unauthorized access or control over the affected system, emphasizing the need for immediate patch implementation to mitigate risks.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

http://www.vupen.com/english/advisories/2007/1185

vdb-entryx_refsource_VUPEN

http://securitytracker.com/id?1017835

vdb-entryx_refsource_SECTRACK

EPSS Score

75% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2007
Vulnerability Reserved
Apr 2, 2007