|Date: (C)2007-12-27 (M)2015-12-16|
|CVSS Score: 9.3||Access Vector: NETWORK|
|Exploitability Subscore: 8.6||Access Complexity: MEDIUM|
|Impact Subscore: 10.0||Authentication: NONE|
| ||Confidentiality: COMPLETE|
| ||Integrity: COMPLETE|
| ||Availability: COMPLETE|
Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 22.214.171.124, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.