Executive Summary

Summary
Title HP Virtual Rooms Client Running on Windows, Remote Execution of Arbitrary Code
Informations
Name HPSBGN02410 SSRT080135 First vendor Publication 2009-02-24
Vendor HP Last vendor Modification 2009-02-24
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A potential security vulnerability has been identified with HP Virtual Rooms client running on Windows. The vulnerability could be exploited to allow remote execution of arbitrary code.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01678405

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2

Open Source Vulnerability Database (OSVDB)

Id Description
52830 HP Virtual Rooms Client on Windows Unspecified Arbitrary Remote Code Execution

Snort® IPS/IDS

Date Description
2014-01-10 HP Virtual Rooms v7 ActiveX clsid unicode access
RuleID : 15381 - Revision : 4 - Type : WEB-ACTIVEX
2014-01-10 HP Virtual Rooms v7 ActiveX clsid access
RuleID : 15380 - Revision : 9 - Type : BROWSER-PLUGINS

Nessus® Vulnerability Scanner

Date Description
2009-06-10 Name : The remote Windows host is missing a security update containing ActiveX kill ...
File : smb_kb_969898.nasl - Type : ACT_GATHER_INFO
2009-03-09 Name : The remote Windows host has an ActiveX control that fails to restrict access ...
File : hp_virtualroomsclient_701_code_exec.nasl - Type : ACT_GATHER_INFO