CVE-2008-0437

critical HPE
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
32.5%
Exploitation probability in 30 days
Top 3% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: January 23, 2008 (6685 days ago)
Last Modified: April 23, 2026
Vendor: HPE
Source: NVD

Description

Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information.

CWE

CWE-119

Affected Products

hp virtual roomsmicrosoft activex

References

🔗 marc.info 🔗 secunia.com 🔗 www.securityfocus.com 🔗 www.vupen.com 🔗 exchange.xforce.ibmcloud.com