History: Jan 08, 2009 - 7:30 p.m.

CVE-2008-4827

2009-01-08 19:30:11
CWE-119
web.nvd.nist.gov
cve
buffer overflow
addtab method
c1sizer.ocx
sizerone.ocx
componentone sizerone
activex
remote code execution
sap gui

CVSS2: 9.3 High

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 7.9 High (Confidence: Low)

EPSS: 0.816 High (Percentile: 98.4%)

Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.

Affected configurations

NVD
Node (vendor, product, matched version; entries joined by OR):
componentone sizerone, Match 8.0.20081.140
OR
sap sap_gui, Match 6.40
OR
sap sap_gui, Match 7.10
OR
sap tabone, Match 7.0.0.16
OR
servantix tsc2_help_desk, Match 4.18
