Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/43120/ | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/101667 | Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2017/Nov/17 | Mailing List Third Party Advisory |
http://packetstormsecurity.com/files/144882/Avaya-IP-Office-IPO-10.1-Active-X-Buffer-Overflow.html | Third Party Advisory VDB Entry |
http://downloads.avaya.com/css/P8/documents/101044091 | Vendor Advisory |
http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-(IPO)-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-11-09 18:29
Updated : 2018-08-13 14:47
NVD link : CVE-2017-12969
Mitre link : CVE-2017-12969
JSON object : View
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Products Affected
avaya
- ip_office_contact_center