ID
VAR-E-200901-0112
CVE
| cve_id: | CVE-2008-4827 | Trust: 0.3 |
TITLE
Multiple Vendor SizerOne ActiveX Control 'AddTab' Method Buffer Overflow Vulnerability
Trust: 0.3
DESCRIPTION
The SizerOne ActiveX control used in products by multiple vendors is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in denial-of-service conditions.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | servantix | model: | tsc2 help desk | scope: | eq | version: | 4.1.8 | Trust: 0.3 |
| vendor: | sap | model: | gui | scope: | eq | version: | 7.10 | Trust: 0.3 |
| vendor: | sap | model: | gui patch | scope: | eq | version: | 6.4029 | Trust: 0.3 |
| vendor: | componentone | model: | studio for activex | scope: | eq | version: | 20080 | Trust: 0.3 |
| vendor: | componentone | model: | studio enterprise | scope: | eq | version: | 20080 | Trust: 0.3 |
| vendor: | componentone | model: | sizerone | scope: | eq | version: | 8.0.20081.140 | Trust: 0.3 |
| vendor: | servantix | model: | tsc2 help desk | scope: | ne | version: | 4.3.1 | Trust: 0.3 |
| vendor: | sap | model: | gui pl | scope: | ne | version: | 7.10 | Trust: 0.3 |
| vendor: | componentone | model: | sizerone | scope: | ne | version: | 8.0.20081.142 | Trust: 0.3 |
EXPLOIT
A commercial proof of concept is available through VUPEN Security - Exploit and PoCs Service. This proof of concept is not otherwise publicly available or known to be circulating in the wild.
An attacker may exploit this issue by enticing a victim into visiting a malicious webpage.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Boundary Condition Error
Trust: 0.3
CREDITS
Carsten Eiram
Trust: 0.3
EXTERNAL IDS
| db: | NVD | id: | CVE-2008-4827 | Trust: 0.3 |
| db: | BID | id: | 33148 | Trust: 0.3 |
REFERENCES
| url: | http://secunia.com/secunia_research/2008-52/ | Trust: 0.3 |
| url: | https://www.sdn.sap.com/irj/sdn/sap-gui | Trust: 0.3 |
| url: | http://secunia.com/secunia_research/2008-53/ | Trust: 0.3 |
| url: | http://www.tsc2-helpdesk.com/ | Trust: 0.3 |
| url: | http://secunia.com/secunia_research/2008-54/ | Trust: 0.3 |
| url: | http://support.microsoft.com/kb/240797 | Trust: 0.3 |
| url: | http://www.componentone.com/superproducts/sizerone/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 33148 |
LAST UPDATE DATE
2022-07-27T09:28:26.144000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 33148 | date: | 2010-01-05T21:02:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 33148 | date: | 2009-01-07T00:00:00 |