CVE-2017-12969
high
CVSS v3
8.8
CVSS v2
6.8
VIR risk
8.8
Description
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://downloads.avaya.com/css/P8/documents/101044091
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| avaya | ip_office_contact_center | 9.1 | |
| avaya | ip_office_contact_center | 9.1.0 | |
| avaya | ip_office_contact_center | 9.1.0.2209.1540 | |
| avaya | ip_office_contact_center | 9.1.6 | |
| avaya | ip_office_contact_center | 9.1.7 | |
| avaya | ip_office_contact_center | 9.1.8 | |
| avaya | ip_office_contact_center | 9.1.9 | |
| avaya | ip_office_contact_center | 10.0 | |
| avaya | ip_office_contact_center | 10.0.0.3-8600.1705 | |
| avaya | ip_office_contact_center | 10.1 | |
References
- http://downloads.avaya.com/css/P8/documents/101044091
- http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt
- http://packetstormsecurity.com/files/144882/Avaya-IP-Office-IPO-10.1-Active-X-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2017/Nov/17
- http://www.securityfocus.com/bid/101667
- https://www.exploit-db.com/exploits/43120/
- http://downloads.avaya.com/css/P8/documents/101044091
- http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt
- http://packetstormsecurity.com/files/144882/Avaya-IP-Office-IPO-10.1-Active-X-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2017/Nov/17
- http://www.securityfocus.com/bid/101667
- https://www.exploit-db.com/exploits/43120/
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.