ActiveX Battle Royal (HP Mercury Quality Center vs. Yahoo Messenger)
Two vanilla ActiveX vulnerabilities from two different pay-per-vuln companies battle it out for supremacy in this Tuesday night fight:
In this corner, iDefense's contender is the fresh-faced fury from corporate America, HP Mercury Quality Center. You may not have heard of this challenger but, "Hewlett-Packard Mercury Quality Center is a web-based interface that allows managers to automate software quality testing." HP has patched this, and the information is available here. In the absence of a patch the killbit to be set is 98C53984-8BF8-4D11-9B1C-C324FCA9CADE. There is no CVE for this contender at this time.
And in this corner, the Zero Day Initiative challenger, the hulking home-user havoc-monger, Yahoo Messenger. This issue is also patched with details from Yahoo here. The killbit for this issue is 85A4A99C-8C3D-499E-A386-E0743DFF8FB7. This contender goes by CVE-2007-1680.
But this just in, folks: HPMQC has been disqualified for not having gotten a CVE number before the match! What a disappointment! The fans don't like this one bit and they've started booing and throwing their drinks. I guess we'll have to wait till the rematch to find out whether the plucky HPMQC can overcome Yahoo Messenger's larger installed base. Until next time, folks, this is Jon Doe, here with Ron Roe, signing off.
This has been a test of the anti-boring-ActiveX-post emergency system. This was only a test.
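For anyone who has to set the two killbits above by hand, here is one way to do it. This is an added example, not part of the original post or either vendor's advisory. It assumes Internet Explorer's standard `ActiveX Compatibility` registry key, the `0x400` kill bit in `Compatibility Flags`, and an elevated PowerShell prompt.

```powershell
# Added example: set the IE kill bit for the two CLSIDs named in the post.
$clsids = @(
    '{98C53984-8BF8-4D11-9B1C-C324FCA9CADE}',  # HP Mercury Quality Center issue
    '{85A4A99C-8C3D-499E-A386-E0743DFF8FB7}'   # Yahoo Messenger issue (CVE-2007-1680)
)
$KillBit  = 0x400                  # flag that stops IE from instantiating the control
$ValueName = 'Compatibility Flags'

# 64-bit Windows has a second registry view used by 32-bit IE; cover both if present.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path (Split-Path $_ -Parent) }

foreach ($root in $roots) {
    foreach ($clsid in $clsids) {
        $key = Join-Path $root $clsid
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }

        # Preserve any flags already set on the control and OR the kill bit in.
        $existing = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
        $current  = if ($existing) { $existing.$ValueName } else { 0 }
        $new      = $current -bor $KillBit
        New-ItemProperty -Path $key -Name $ValueName -PropertyType DWord `
            -Value $new -Force | Out-Null

        # Read the value back so the result is verified, not assumed.
        $check = (Get-ItemProperty -Path $key -Name $ValueName).$ValueName
        [pscustomobject]@{
            Key        = $key
            Flags      = '0x{0:X8}' -f $check
            KillBitSet = (($check -band $KillBit) -eq $KillBit)
        }
    }
}
```

Every row of the output should show `KillBitSet` as `True`; a control that is already loaded in a running browser is only blocked after the browser restarts.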
