Intrusion Prevention

HP.Virtual.Rooms.WebHPVCInstall.Control.Buffer.Overflow

Description

This indicates a possible attempt to exploit one of several buffer-overflow vulnerabilities in HP Virtual Rooms.
The vulnerabilities are in the "WebHPVCInstall.HPVirtualRooms14" ActiveX control in HPVirtualRooms14.dll. They result from the application's failure to bounds check user-supplied input, leading to various buffer overflows. As a result, a remote attacker may be able to execute arbitrary code and gain control of vulnerable systems.

Affected Products

HP Virtual Rooms hpvirtualrooms14.dll version 1.0.0.100

Impact

System Compromise: Remote code execution.

Recommended Actions

The vendor has released the advisory HPSBGN02310 SSRT080007 to address this issue:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01346601

CVE References

CVE-2008-0437 CVE-2008-0213