Vulnerability Name:

CVE-2008-4827 (CCN-47769)

Assigned:2008-10-31
Published:2009-01-07
Updated:2018-10-11
Summary:Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-4827

Source: CCN
Type: SA32609
ComponentOne SizerOne CTab ActiveX Control Caption List Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
32609

Source: CCN
Type: SA32648
TSC2 Help Desk CTab ActiveX Control Caption List Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
32648

Source: CCN
Type: SA32672
SAP GUI TabOne ActiveX Control Caption List Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
32672

Source: MISC
Type: Vendor Advisory
http://secunia.com/secunia_research/2008-52/

Source: MISC
Type: Vendor Advisory
http://secunia.com/secunia_research/2008-53/

Source: CCN
Type: Secunia Research 07/01/2009
TSC2 Help Desk CTab ActiveX Control Buffer Overflow

Source: MISC
Type: Vendor Advisory
http://secunia.com/secunia_research/2008-54/

Source: SREASON
Type: UNKNOWN
4879

Source: CCN
Type: SECTRACK ID: 1021529
SAP GUI Heap Overflow in 'sizerone.ocx' Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1021529

Source: BUGTRAQ
Type: UNKNOWN
20090107 Secunia Research: TSC2 Help Desk CTab ActiveX Control Buffer Overflow

Source: BID
Type: UNKNOWN
33148

Source: CCN
Type: BID-33148
Multiple Vendor SizerOne ActiveX Control 'AddTab' Method Buffer Overflow Vulnerability

Source: CCN
Type: Servantix Web site
Help Desk Software & Asset Management - TSC2 Help Desk

Source: VUPEN
Type: UNKNOWN
ADV-2009-0036

Source: VUPEN
Type: UNKNOWN
ADV-2009-0037

Source: XF
Type: UNKNOWN
tsc2-ctab-bo(47769)

Source: XF
Type: UNKNOWN
sapgui-tabone-bo(47770)

Source: XF
Type: UNKNOWN
sizerone-tab-bo(47771)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:componentone:sizerone:8.0.20081.140:*:*:*:*:*:*:*
  • OR cpe:/a:sap:sap_gui:6.40:*:*:*:*:*:*:*
  • OR cpe:/a:sap:sap_gui:7.10:*:*:*:*:*:*:*
  • OR cpe:/a:sap:tabone:7.0.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:servantix:tsc2_help_desk:4.18:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2008-4827 (CCN-47770)

    Assigned:2008-10-31
    Published:2009-01-07
    Updated:2009-01-07
    Summary:The SAP GUI TabOne ActiveX control (sizerone.ocx) is vulnerable to a heap-based buffer overflow when copying tab options. By persuading a victim to visit a specially-crafted Web page that adds multiple tabs using the AddTab() method, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the victim's browser to crash.
    CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Changed
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availability (A): High
    CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2008-4827

    Source: CCN
    Type: SA32609
    ComponentOne SizerOne CTab ActiveX Control Caption List Buffer Overflow

    Source: CCN
    Type: SA32648
    TSC2 Help Desk CTab ActiveX Control Caption List Buffer Overflow

    Source: CCN
    Type: SA32672
    SAP GUI TabOne ActiveX Control Caption List Buffer Overflow

    Source: CCN
    Type: Secunia Research
    SAP GUI TabOne ActiveX Control Caption List Buffer Overflow

    Source: CCN
    Type: SECTRACK ID: 1021529
    SAP GUI Heap Overflow in 'sizerone.ocx' Lets Remote Users Execute Arbitrary Code

    Source: CCN
    Type: SAP Web site
    SAP

    Source: CCN
    Type: BID-33148
    Multiple Vendor SizerOne ActiveX Control 'AddTab' Method Buffer Overflow Vulnerability

    Source: XF
    Type: UNKNOWN
    sapgui-tabone-bo(47770)

    Vulnerability Name:

    CVE-2008-4827 (CCN-47771)

    Assigned:2008-10-31
    Published:2009-01-07
    Updated:2018-10-11
    Summary:Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.
    CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Changed
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availability (A): High
    CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
    6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    Vulnerability Type:CWE-119
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2008-4827

    Source: CCN
    Type: SA32609
    ComponentOne SizerOne CTab ActiveX Control Caption List Buffer Overflow

    Source: CCN
    Type: SA32648
    TSC2 Help Desk CTab ActiveX Control Caption List Buffer Overflow

    Source: CCN
    Type: SA32672
    SAP GUI TabOne ActiveX Control Caption List Buffer Overflow

    Source: CCN
    Type: Secunia Research 07/01/2009
    ComponentOne SizerOne ActiveX Control Buffer Overflow

    Source: CCN
    Type: SECTRACK ID: 1021529
    SAP GUI Heap Overflow in 'sizerone.ocx' Lets Remote Users Execute Arbitrary Code

    Source: CCN
    Type: ComponentOne Web site
    ComponentOne SizerOne Features

    Source: CCN
    Type: BID-33148
    Multiple Vendor SizerOne ActiveX Control 'AddTab' Method Buffer Overflow Vulnerability

    Source: XF
    Type: UNKNOWN
    sizerone-tab-bo(47771)

    componentone sizerone 8.0.20081.140
    sap sap gui 6.40
    sap sap gui 7.10
    sap tabone 7.0.0.16
    servantix tsc2 help desk 4.18