---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ http://secunia.com/Linux_Security_Specialist/ ---------------------------------------------------------------------- TITLE: HP Mercury Quality Center Unspecified ActiveX Control Vulnerability SECUNIA ADVISORY ID: SA24692 VERIFY ADVISORY: http://secunia.com/advisories/24692/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: HP Mercury Quality Center 8.x http://secunia.com/product/13826/ HP Mercury Quality Center 9.x http://secunia.com/product/13827/ DESCRIPTION: A vulnerability has been reported in HP Mercury Quality Center, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error within a certain HP Mercury Quality Center ActiveX control and can be exploited to execute arbitrary code. The vulnerability reportedly affects version 8.2 SP1 and 9.0. SOLUTION: Apply patches. Mercury Quality Center 8.2 Sp1 (Patch 32): http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/7a0f7f0efc7905fdc225729f004cf387?OpenDocument Mercury Quality Center 9.0 (Patch 12.1): http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/cf109e434c7765eac22572a4006c6e94?OpenDocument PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Eric Detoisien * An anonymous person via iDefense Labs. ORIGINAL ADVISORY: HP: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00901872 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------