Back to search
CVE-2008-4827
Published: Jan 8, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20090107 Secunia Research: TSC2 Help Desk CTab ActiveX Control Buffer Overflow
mailing-list
x_refsource_BUGTRAQ
ADV-2009-0037
vdb-entry
x_refsource_VUPEN
ADV-2009-0036
vdb-entry
x_refsource_VUPEN
http://secunia.com/secunia_research/2008-54/
x_refsource_MISC
sapgui-tabone-bo(47770)
vdb-entry
x_refsource_XF
http://secunia.com/secunia_research/2008-53/
x_refsource_MISC
33148
vdb-entry
x_refsource_BID
sizerone-tab-bo(47771)
vdb-entry
x_refsource_XF
32648
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/secunia_research/2008-52/
x_refsource_MISC
1021529
vdb-entry
x_refsource_SECTRACK
32609
third-party-advisory
x_refsource_SECUNIA
4879
third-party-advisory
x_refsource_SREASON
32672
third-party-advisory
x_refsource_SECUNIA
tsc2-ctab-bo(47769)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now