Buffer Overflow Vulnerability in HP Virtual Rooms by HP
CVE-2008-0437

Currently unrated

Key Information:

Vendor: HP
Status: Virtual Rooms; Activex
Vendor: CVE Published:; 23 January 2008

Summary

The HP Virtual Rooms application includes a vulnerability in the WebHPVCInstall.HPVirtualRooms14 ActiveX control found in HPVirtualRooms14.dll version 1.0.0.100. This security flaw allows remote attackers to exploit multiple buffer overflow instances via excessively long input in the properties such as AuthenticationURL, PortalAPIURL, or cabroot. By executing arbitrary code, attackers can gain unauthorized access, potentially leading to severe security breaches. It is crucial for users of HP Virtual Rooms to ensure their systems are updated to mitigate this risk.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/39836

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/27384

vdb-entryx_refsource_BID

http://secunia.com/advisories/28595

third-party-advisoryx_refsource_SECUNIA

EPSS Score

32% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 23, 2008
Vulnerability Reserved
Jan 23, 2008