CVE Vulnerability

CVE-2007-6530

Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://marc.info/?l=full-disclosure&m=119863639428564&w=2 Exploit
http://www.securityfocus.com/bid/27025 Exploit
http://secunia.com/advisories/28145 Vendor Advisory
http://secunia.com/advisories/28205 Vendor Advisory
http://secunia.com/advisories/28218 Vendor Advisory
http://www.securitytracker.com/id?1019147
http://osvdb.org/39901
http://www.vupen.com/english/advisories/2007/4310
Configurations

Configuration 1

cpe:2.3:a:persits:xupload:2.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:groove:virtual_office:*:*:*:*:*:*:*:*
cpe:2.3:a:hp:loadrunner:*:*:*:*:*:*:*:*
Information

Published : 2007-12-27 10:46

Updated : 2011-03-08 03:03

NVD link : CVE-2007-6530

Mitre link : CVE-2007-6530

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer