Persists.XUpload.ActiveX.Buffer.Overflow

Release Date: Dec 27, 2007
Severity: Critical
Impact: System Compromise: remote attackers can gain control of vulnerable systems.
Description: This indicates an attempt to exploit a buffer overflow vulnerability in Persits Software's XUpload.

There is a buffer overflow vulnerability in the "AddFolder()" method of the XUpload control. It allows a remote attacker to execute arbitrary code via a crafted web page.
Affected Products:
Persits XUpload 2.1 1
HP LoadRunner 9.0 0
HP LoadRunner 8.1 0
Groove Networks Virtual Office 3.1.1 2390
Recommended Actions: Currently, we are not aware of any vendor-supplied patches for this issue.
Common Vulnerabilities and Exposures (CVE): http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-6530
Reference/s:
http://www.securityfocus.com/bid/27025 (BugTraq)
http://www.securityfocus.com/bid/27456 (BugTraq)
http://www.vupen.com/english/advisories/2008/0315 (FrSIRT)
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059296.html
http://milw0rm.org/exploits/4806
http://www.milw0rm.com/exploits/4987
Reference: VID-15243