Vulnerabilities > CVE-2007-5608 - Code Execution in RETIRED: HP Instant Support 'HPISDataManager.dll' ActiveX Control
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second argument, a different vulnerability than CVE-2008-0952 and CVE-2008-0953.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Windows |
NASL id | HPISDATAMANAGER_ACTIVEX_1_0_0_24.NASL |
description | The remote host contains several ActiveX controls in HP Instant Support HPISDataManager.dll, a web-based diagnostic tool from Hewlett-Packard. The version of the controls installed on the remote host reportedly are affected by several issues. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, this method could be used to execute arbitrary code by means of buffer overflows or to execute delete, download, and write to arbitrary files on the affected system, all subject to the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33095 |
published | 2008-06-05 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/33095 |
title | HP Instant Support HPISDataManager.dll ActiveX Control < 1.0.0.24 Vulnerabilities |
code |
|
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 29530 CVE(CAN) ID: CVE-2007-5608 HP Instant Support是是基于网络的故障诊断和排除工具套件,适用于桌面计算和打印产品。 HP Instant Support所安装的HPISDataManager.dll ActiveX控件没有正确地过滤对DownloadFile函数的输入参数。如果用户受骗访问了恶意网页并向该函数传送了超长参数的话,就可能导致向本地系统下载任意文件。 HP Instant Support 1.0.0.22 临时解决方法: * 为clsid:14C1B87C-3342-445F-9B5E-365FF330A3AC设置kill-bit。 厂商补丁: HP -- HP已经为此发布了一个安全公告(HPSBMA02326)以及相应补丁: HPSBMA02326:SSRT071490 rev.1 - HP Instant Support HPISDataManager.dll Running on Windows, Remote Execution of Arbitrary Code 链接:<a href=http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01422264 target=_blank>http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01422264</a> |
id | SSV:3392 |
last seen | 2017-11-19 |
modified | 2008-06-06 |
published | 2008-06-06 |
reporter | Root |
title | HP Instant Support HPISDataManager.dll ActiveX控件任意文件下载漏洞 |
References
- http://secunia.com/advisories/30516
- http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf
- http://www.kb.cert.org/vuls/id/949587
- http://www.securityfocus.com/bid/29526
- http://www.securityfocus.com/bid/29530
- http://www.securitytracker.com/id?1020165
- http://www.vupen.com/english/advisories/2008/1740/references
- http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42850