HP Mercury Quality Center ActiveX控件远程栈溢出漏洞

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

临时解决方法：

* 为上述控件设置kill-bit以防在IE中加载。

厂商补丁：

HP

--

HP已经为此发布了一个安全公告(HPSBGN02199)以及相应补丁:

HPSBGN02199：SSRT071312 rev.1 - Mercury Quality Center ActiveX, Remote Unauthorized Arbitrary Code Execution

链接：

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?print=true&objectID=c00901872&printver

补丁下载：

http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/7a0f7f0efc7905fdc225729f004cf387?OpenDocument

http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/cf109e434c7765eac22572a4006c6e94?OpenDocument

来源: VU#589097

名称: VU#589097

链接:http://www.kb.cert.org/vuls/id/589097

来源: BID

名称: 23239

链接:http://www.securityfocus.com/bid/23239

来源: VUPEN

名称: ADV-2007-1185

链接:http://www.frsirt.com/english/advisories/2007/1185

来源: MISC

链接:http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/cf109e434c7765eac22572a4006c6e94?OpenDocument

来源: webnotes.merc-int.com

链接:http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/7a0f7f0efc7905fdc225729f004cf387?OpenDocument

来源: SECTRACK

名称: 1017835

链接:http://securitytracker.com/id?1017835

来源: SECUNIA

名称: 24692

链接:http://secunia.com/advisories/24692

来源: IDEFENSE

名称: 20070402 Hewlett-Packard Mercury Quality Center ActiveX Control ProgColor Buffer Overflow Vulnerability

链接:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=497

来源: HP

名称: HPSBGN02199

链接:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00901872