HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType Method Vulnerability

Added: 09/13/2012
BID: 55272
OSVDB: 85152

Background

HP Application Lifecycle Management (ALM) is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable dashboard.

Problem

The XGO.ocx ActiveX control in HP Application Lifecycle Management exposes an insecure method, SetShapeNodeType, which is vulnerable to a type confusion error allowing user-specified memory to be used as an object. A remote attacker who persuades a user to visit a specially crafted web page could execute arbitrary code in the context of the process.

Resolution

Upgrade when HP provides one. In the interim, access to the HP Application Lifecycle Management service should be restricted to trusted machines.

References

http://www.zerodayinitiative.com/advisories/ZDI-12-170/

Limitations

This exploit has been tested against HP Lifecycle Management ActiveX 11.50.777.0 on Microsoft Windows XP SP3 English (DEP OptIn) and Microsoft Windows 7 SP1 (DEP OptIn).

The user must open the exploit page in Internet Explorer 8 or 9.

Platforms

Windows

Back to exploit index