module
HP Mercury Quality Center ActiveX Control ProgColor Buffer Overflow
| Disclosed | Created |
|---|---|
| Apr 4, 2007 | May 30, 2018 |
Disclosed
Apr 4, 2007
Created
May 30, 2018
Description
This module exploits a stack-based buffer overflow in SPIDERLib.Loader
ActiveX control (Spider90.ocx) 9.1.0.4353 installed by TestDirector (TD)
for Hewlett-Packard Mercury Quality Center 9.0 before Patch 12.1, and
8.2 SP1 before Patch 32.
By setting an overly long value to 'ProgColor', an attacker can overrun
a buffer and execute arbitrary code.
ActiveX control (Spider90.ocx) 9.1.0.4353 installed by TestDirector (TD)
for Hewlett-Packard Mercury Quality Center 9.0 before Patch 12.1, and
8.2 SP1 before Patch 32.
By setting an overly long value to 'ProgColor', an attacker can overrun
a buffer and execute arbitrary code.
Author
Trancer [email protected]
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.