HPSBGN02199 SSRT071312 rev.4 - Mercury Quality Center ActiveX, Remote Unauthorized Arbitrary Code Execution

RESOLUTION

HP has provided the following software patches to resolve this vulnerability.

Mercury Quality Center 8.2 Sp1 Patch 32 or subsequent

Mercury Quality Center 9.0 Patch 12.1 or subsequent

Quality Center patches are available here: http://support.openview.hp.com/selfsolve/patches

HISTORY 
Version:1 (rev.1) - 27 Mar 2007 Initial release 
Version:2 (rev.2) - 19 June 2007 Modified acknowledgment to include Will Dormann of CERT/CC 
Version:3 (rev.3) - 20 June 2007 Correct version/rev mismatch 
Version:4 (rev.4) - 22 June 2012 - Removed old links to patches

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact the normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.