1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: HP Application Lifecycle Management Remote Code Execution

Attack: HP Application Lifecycle Management Remote Code Execution

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerability in HP Application Lifecycle Management which could result in remote code execution.

Additional Information

HP Application Lifecycle Management is a software for managing the application life cycle.

HP Application Lifecycle Management is prone to the following remote code-execution vulnerabilities exists in the 'XGO.ocx' ActiveX control. Specifically, these issues affects the following two functions:

1. Type confusion error in the 'SetShapeNodeType()' function, which allow user specified memory to be used as an object.

2. Error in the 'CopyToFile()' function, which allow an attacker to create and overwrite files on the system of the user invoking the control.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the process (typically Internet Explorer) using the ActiveX control. Failed exploit attempts likely result in denial-of-service conditions.

Affected

  • HP Application Lifecycle Management 11.50
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube