Secunia Security Advisory - A vulnerability has been reported in HP Mercury Quality Center, which can be exploited by malicious people to compromise a user's system.
43bcc14f294b82834b19c15814b0f661451a9bf4b6f63bff055f5dcc0aeaa752
----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_vacancies/
Secunia is looking for new researchers with a reversing background
and experience in writing exploit code:
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
http://secunia.com/Disassembling_og_Reversing/
http://secunia.com/Linux_Security_Specialist/
----------------------------------------------------------------------
TITLE:
HP Mercury Quality Center Unspecified ActiveX Control Vulnerability
SECUNIA ADVISORY ID:
SA24692
VERIFY ADVISORY:
http://secunia.com/advisories/24692/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
HP Mercury Quality Center 8.x
http://secunia.com/product/13826/
HP Mercury Quality Center 9.x
http://secunia.com/product/13827/
DESCRIPTION:
A vulnerability has been reported in HP Mercury Quality Center, which
can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error within a
certain HP Mercury Quality Center ActiveX control and can be
exploited to execute arbitrary code.
The vulnerability reportedly affects version 8.2 SP1 and 9.0.
SOLUTION:
Apply patches.
Mercury Quality Center 8.2 Sp1 (Patch 32):
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/7a0f7f0efc7905fdc225729f004cf387?OpenDocument
Mercury Quality Center 9.0 (Patch 12.1):
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/cf109e434c7765eac22572a4006c6e94?OpenDocument
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
* Eric Detoisien
* An anonymous person via iDefense Labs.
ORIGINAL ADVISORY:
HP:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00901872
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------