Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 08/01/2009 Updated: 11/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote malicious users to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap sap gui 6.40
sap sap gui 7.10
servantix tsc2 help desk 4.18
sap tabone 7.0.0.16
componentone sizerone 8.0.20081.140

CWE-119 http://secunia.com/secunia_research/2008-53/http://secunia.com/advisories/32672 http://secunia.com/advisories/32609 http://secunia.com/secunia_research/2008-54/http://secunia.com/advisories/32648 http://www.securityfocus.com/bid/33148 http://secunia.com/secunia_research/2008-52/http://securitytracker.com/id?1021529 http://securityreason.com/securityalert/4879 http://www.vupen.com/english/advisories/2009/0036 http://www.vupen.com/english/advisories/2009/0037 https://exchange.xforce.ibmcloud.com/vulnerabilities/47771 https://exchange.xforce.ibmcloud.com/vulnerabilities/47770 https://exchange.xforce.ibmcloud.com/vulnerabilities/47769 http://www.securityfocus.com/archive/1/499830/100/0/threaded https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-4827

Vulnerability Summary

References

Vulmon Search

About

Products

Connect