EDB-4757
doswindowsVERIFIED
HP Software Update Client 3.0.8.4 - Multiple Vulnerabilities
CVE-2007-6506
porkythepig12/19/2007
説明
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
AI分析AIによる分析
影響を受ける製品
hpsoftware_update
hpsoftware_update
3.0.8.4
利用可能なエクスプロイト (1)
参照
- http://blogs.zdnet.com/security/?p=768
- http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818
- http://it.slashdot.org/it/07/12/20/2327242.shtml
- http://secunia.com/advisories/28177Vendor Advisory
- http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt
- http://www.securityfocus.com/archive/1/485451/100/0/threaded
- http://www.securityfocus.com/archive/1/485734/100/0/threaded
- http://www.securityfocus.com/bid/26950Exploit
- http://www.securitytracker.com/id?1019133
- http://www.vupen.com/english/advisories/2007/4271Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39153
- https://www.exploit-db.com/exploits/4757
- http://blogs.zdnet.com/security/?p=768
- http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818
- http://it.slashdot.org/it/07/12/20/2327242.shtml
- http://secunia.com/advisories/28177Vendor Advisory
- http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt
- http://www.securityfocus.com/archive/1/485451/100/0/threaded
- http://www.securityfocus.com/archive/1/485734/100/0/threaded
- http://www.securityfocus.com/bid/26950Exploit