A type confusion vulnerability in XGO.ocx ActiveX control in HP Lifecycle Management in the method SetShapeNodeType allowing user-specified memory to be used as an object. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 and 7 without Java installed, Internet Explorer 8 with Java 6 installed in Windows XP, and Internet Explorer 8 and 9 in Windows 7 with Java 6 installed) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Exploit Platform
Exploit Type
Product Name