CVE-2017-12969 - OpenCVE

Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Avaya	Ip Office Contact Center

Configuration 1 [-]

OR	cpe:2.3:a:avaya:ip_office_contact_center:9.1:sp11::::::
	cpe:2.3:a:avaya:ip_office_contact_center:9.1.0:::::::*
	cpe:2.3:a:avaya:ip_office_contact_center:9.1.0.2209.1540:::::::*
	cpe:2.3:a:avaya:ip_office_contact_center:9.1.6:::::::*
	cpe:2.3:a:avaya:ip_office_contact_center:9.1.7:::::::*
	cpe:2.3:a:avaya:ip_office_contact_center:9.1.8:::::::*
	cpe:2.3:a:avaya:ip_office_contact_center:9.1.9:::::::*
	cpe:2.3:a:avaya:ip_office_contact_center:10.0:::::::*
	cpe:2.3:a:avaya:ip_office_contact_center:10.0.0.3-8600.1705:::::::*
	cpe:2.3:a:avaya:ip_office_contact_center:10.1:::::::*

References

Link	Resource
http://downloads.avaya.com/css/P8/documents/101044091	Vendor Advisory
http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt
http://packetstormsecurity.com/files/144882/Avaya-IP-Office-IPO-10.1-Active-X-Buffer-Overflow.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2017/Nov/17	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/101667	Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43120/	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-11-09T19:00:00

Updated: 2017-11-09T18:57:01

Reserved: 2017-08-19T00:00:00

Link: CVE-2017-12969

JSON object: View

NVD Information

Status : Modified

Published: 2017-11-10T02:29:17.637

Modified: 2023-11-07T02:38:32.670

Link: CVE-2017-12969

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://downloads.avaya.com/css/P8/documents/101044091"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/144882/Avaya-IP-Office-IPO-10.1-Active-X-Buffer-Overflow.html"}, {"name": "101667", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101667"}, {"name": "43120", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/43120/"}, {"name": "20171105 CVE-2017-12969 Avaya OfficeScan IPO Remote ActiveX Buffer Overflow", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2017/Nov/17"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12969", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-(IPO)-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt", "refsource": "MISC", "url": "http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-(IPO)-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt"}, {"name": "http://downloads.avaya.com/css/P8/documents/101044091", "refsource": "CONFIRM", "url": "http://downloads.avaya.com/css/P8/documents/101044091"}, {"name": "http://packetstormsecurity.com/files/144882/Avaya-IP-Office-IPO-10.1-Active-X-Buffer-Overflow.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/144882/Avaya-IP-Office-IPO-10.1-Active-X-Buffer-Overflow.html"}, {"name": "101667", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101667"}, {"name": "43120", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43120/"}, {"name": "20171105 CVE-2017-12969 Avaya OfficeScan IPO Remote ActiveX Buffer Overflow", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2017/Nov/17"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12969", "datePublished": "2017-11-09T19:00:00", "dateReserved": "2017-08-19T00:00:00", "dateUpdated": "2017-11-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avaya:ip_office_contact_center:9.1:sp11:*:*:*:*:*:*", "matchCriteriaId": "D59361D7-B017-4CE2-81A5-291C53CC0E65", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office_contact_center:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C5C2AE6-BC1B-4448-8CCE-4F282A4C6959", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office_contact_center:9.1.0.2209.1540:*:*:*:*:*:*:*", "matchCriteriaId": "D46DB486-88EC-49F3-AA9E-3E8755D61AF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office_contact_center:9.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "1ADE5F08-A329-4083-A02A-BA3447F32991", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office_contact_center:9.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "DA0E24C0-8DAF-4199-A18A-625B50CA9369", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office_contact_center:9.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "6BA134E8-52E4-4CD9-9ABF-C5A6F9E5C272", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office_contact_center:9.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C5575DC-1A36-40AE-9A98-480C5A7C8BD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office_contact_center:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "203590C4-9B69-470B-8BF5-E436CE680A86", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office_contact_center:10.0.0.3-8600.1705:*:*:*:*:*:*:*", "matchCriteriaId": "912179E1-137C-4DEC-A915-CF4BDD5AE11E", "vulnerable": true}, {"criteria": "cpe:2.3:a:avaya:ip_office_contact_center:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "54AE4793-6525-4BCD-8883-681406784F39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en el control ViewerCtrlLib.ViewerCtrl de ActiveX en Avaya IP Office Contact Center, en versiones anteriores a la 10.1.1, permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica o heap y cierre inesperado) o ejecuten c\u00f3digo arbitrario mediante una cadena larga para el m\u00e9todo open."}], "id": "CVE-2017-12969", "lastModified": "2023-11-07T02:38:32.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-10T02:29:17.637", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://downloads.avaya.com/css/P8/documents/101044091"}, {"source": "cve@mitre.org", "url": "http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/144882/Avaya-IP-Office-IPO-10.1-Active-X-Buffer-Overflow.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Nov/17"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101667"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/43120/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}