CVE-2017-12969: Buffer Overflow
First published: Thu Nov 09 2017(Updated: )
Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avaya IP Office Contact Center | =9.1-sp11 | |
| Avaya IP Office Contact Center | =9.1.0 | |
| Avaya IP Office Contact Center | =9.1.0.2209.1540 | |
| Avaya IP Office Contact Center | =9.1.6 | |
| Avaya IP Office Contact Center | =9.1.7 | |
| Avaya IP Office Contact Center | =9.1.8 | |
| Avaya IP Office Contact Center | =9.1.9 | |
| Avaya IP Office Contact Center | =10.0 | |
| Avaya IP Office Contact Center | =10.0.0.3-8600.1705 | |
| Avaya IP Office Contact Center | =10.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://downloads.avaya.com/css/P8/documents/101044091
- http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-(IPO)-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt
- http://packetstormsecurity.com/files/144882/Avaya-IP-Office-IPO-10.1-Active-X-Buffer-Overflow.html
- http://seclists.org/fulldisclosure/2017/Nov/17
- http://www.securityfocus.com/bid/101667
- https://www.exploit-db.com/exploits/43120/
- http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-%28IPO%29-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2017-12969.
What is the severity of CVE-2017-12969?
The severity of CVE-2017-12969 is high.
What is the affected software for CVE-2017-12969?
The affected software for CVE-2017-12969 is Avaya IP Office Contact Center versions 9.1-sp11, 9.1.0, 9.1.0.2209.1540, 9.1.6, 9.1.7, 9.1.8, 9.1.9, 10.0, 10.0.0.3-8600.1705, and 10.1.
How does CVE-2017-12969 impact the affected software?
CVE-2017-12969 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.
Are there any references available for CVE-2017-12969?
Yes, there are references available for CVE-2017-12969. You can find them at the following links: [http://downloads.avaya.com/css/P8/documents/101044091](http://downloads.avaya.com/css/P8/documents/101044091), [http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-(IPO)-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt](http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-(IPO)-v9.1.0-10.1-VIEWERCTRL-ACTIVE-X-BUFFER-OVERFLOW-0DAY.txt), [http://packetstormsecurity.com/files/144882/Avaya-IP-Office-IPO-10.1-Active-X-Buffer-Overflow.html](http://packetstormsecurity.com/files/144882/Avaya-IP-Office-IPO-10.1-Active-X-Buffer-Overflow.html)
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/avaya
- canonical/avaya ip office contact center
- version/avaya ip office contact center/9.1-sp11
- version/avaya ip office contact center/9.1.0
- version/avaya ip office contact center/9.1.0.2209.1540
- version/avaya ip office contact center/9.1.6
- version/avaya ip office contact center/9.1.7
- version/avaya ip office contact center/9.1.8
- version/avaya ip office contact center/9.1.9
- version/avaya ip office contact center/10.0
- version/avaya ip office contact center/10.0.0.3-8600.1705
- version/avaya ip office contact center/10.1