CVE-2008-4827
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2008-4827
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple heap-based buffer overflows in the AddTab method in the (1) Tab and (2) CTab ActiveX controls in c1sizer.ocx and the (3) TabOne ActiveX control in sizerone.ocx in ComponentOne SizerOne 8.0.20081.140, as used in ComponentOne Studio for ActiveX 2008, TSC2 Help Desk 4.1.8, SAP GUI 6.40 Patch 29 and 7.10, and possibly other products, allow remote attackers to execute arbitrary code by adding many tabs, or adding tabs with long tab captions.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
多个厂商SizerOne ActiveX控件AddTab方式堆溢出漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ComponentOne SizerOne是一个集成了四个控件的组件工具,包括两个可调整分割控件用来处理所有的调整分割任务。 SizerOne所提供的Tab ActiveX控件(c1sizer.ocx)在拷贝标签标题时存在堆溢出漏洞。如果用户受骗访问了恶意网页并通过AddTab()方式添加了带有超长标题的标签的话,就可以触发这个溢出,导致执行任意指令。 SAP GUI的TabOne ActiveX控件和TSC2 Help Desk的CTab ActiveX控件也使用了有漏洞的调用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2008-4827
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2008-4827
请登录查看更多情报信息。
- http://secunia.com/secunia_research/2008-52/x_refsource_MISC
- http://secunia.com/secunia_research/2008-54/x_refsource_MISC
- http://secunia.com/secunia_research/2008-53/x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2008-4827
Same Patch Batch · n/a · 2009-01-08 · 20 CVEs total
| CVE-2009-0043 | CA Service Metric Analysis和Service Level Managemen'smmsnmpd'任意命令执行漏洞 | |
| CVE-2008-5873 | Yerba SACphp 多个远程安全漏洞 | |
| CVE-2008-5872 | nortel multimedia_communication_server_5100 输入验证漏洞 | |
| CVE-2008-5871 | nortel multimedia_communication_server_5100 信任管理漏洞 | |
| CVE-2008-5870 | FastStone Image Viewer 多个BMP拒绝服务漏洞 | |
| CVE-2008-5869 | proxim tsunami_mp.11_2411 跨站脚本攻击漏洞 | |
| CVE-2008-5868 | IntelliTamper "CFG" 文件 缓冲区溢出漏洞 | |
| CVE-2009-0072 | Microsoft Internet Explorer 元素BODY 远程拒绝服务漏洞 | |
| CVE-2009-0071 | Mozilla Firefox designMode空指针引用拒绝服务漏洞 | |
| CVE-2009-0070 | Apple Safari安全漏洞 | |
| CVE-2008-0067 | HP OpenView网络节点管理器HTTP请求多个栈溢出漏洞 | |
| CVE-2008-5880 | Gobbl CMS Cookie 脚本auth.php 身份认证绕过漏洞 | |
| CVE-2008-5879 | Phpclanwebsite 脚本index.php 跨站脚本攻击漏洞 | |
| CVE-2008-5878 | Phpclanwebsite 多个目录遍历漏洞 | |
| CVE-2008-5877 | Phpclanwebsite 多个输入验证漏洞 | |
| CVE-2008-5876 | Irrlicht B3D加载器缓冲区溢出和代码执行漏洞 | |
| CVE-2008-5875 | Joomla ! HBS com_lowcosthotels组件SQL注入漏洞 | |
| CVE-2008-5874 | Joomla! HBS index.php脚本id参数SQL注入漏洞 | |
| CVE-2008-3819 | Cisco全球站点选择器DNS服务器远程拒绝服务漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2008-4827
No comments yet