CVE-2008-4827

 

  • Severity Score (CVSS v2): 9.3
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2008-10-31 CVE Reserved
  • 2009-01-07 CVE Published
  • 2023-07-09 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Componentone | Sizerone | 8.0.20081.140 | - | Affected |
| Sap | Sap Gui | 6.40 | - | Affected |
| Sap | Sap Gui | 7.10 | - | Affected |
| Sap | Tabone | 7.0.0.16 | - | Affected |
| Servantix | Tsc2 Help Desk | 4.18 | - | Affected |