HP Application Lifecycle Management XGO.ocx Multiple Vulnerabilities
Schweregrad:: Kritisch
Hinweisdatum: 21 Juli 2015
Beschreibung
Two vulnerabilities have been reported in HP Application Lifecycle Management, which can be exploited by malicious people to compromise a user's system.
1) A type confusion error in the "SetShapeNodeType()" method within the XGO.ocx ActiveX control can be exploited to access user-specified data as an object.
2) The unsafe "CopyToFile()" method within the XGO.ocx ActiveX control allows creating and overwriting arbitrary files.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1005188
Trend Micro Deep Security DPI Rule Name: 1005188 - HP Application Lifecycle Management ActiveX Control Multiple Vulnerabilities
Betroffene Software und Version:
- HP Application Lifecycle Management
- Internet Explorer