Vulnerabilities > CVE-2007-3649 - Unspecified vulnerability in HP Photo Digital Imaging Activex Control 2.1.0.556

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

exploit available

NVD

Published: 2007-07-10

Updated: 2017-09-29

Summary

Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.

Vulnerable Configurations

Part	Description	Count
Application	Hp HP Photo Digital Imaging Activex Control 2.1.0.556	1

Exploit-Db

description	HP Digital Imaging (hpqvwocx.dll v. 2.1.0.556) SaveToFile() Exploit. CVE-2007-3649. Remote exploit for windows platform
file	exploits/windows/remote/4155.html
id	EDB-ID:4155
last seen	2016-01-31
modified	2007-07-06
platform	windows
port
published	2007-07-06
reporter	shinnai
source	https://www.exploit-db.com/download/4155/
title	HP Digital Imaging hpqvwocx.dll 2.1.0.556 - SaveToFile Exploit
type	remote

Summary

Vulnerable Configurations

Exploit-Db

References