Computer Security
[EN] securityvulns.ru no-pyccku


HP Software Updates ActiveX unauthorized access
updated since 20.12.2007
Published:22.12.2007
Source:
SecurityVulns ID:8480
Type:client
Threat Level:
7/10
Description:Unsafe SaveToFile() method allows access to filesystem.
Affected:HP : HP Software Update client 3.0
CVE:CVE-2007-6506 (The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 3.0.8.4 allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.)
Original documentdocumentHP, HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access (22.12.2007)
 documentporkythepig_(at)_anspi.pl, HP laptops Software Update tool vulnerability (20.12.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod