Vulnerabilities > CVE-2007-6332 - Arbitrary Code Execution vulnerability in HP Info Center HPInfoDLL.DLL ActiveX Control
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description | HP Compaq Notebooks ActiveX Remote Code Execution Exploit. CVE-2007-6331,CVE-2007-6332,CVE-2007-6333. Remote exploit for windows platform |
file | exploits/windows/remote/4720.html |
id | EDB-ID:4720 |
last seen | 2016-01-31 |
modified | 2007-12-11 |
platform | windows |
port | |
published | 2007-12-11 |
reporter | porkythepig |
source | https://www.exploit-db.com/download/4720/ |
title | HP Compaq Notebooks ActiveX Remote Code Execution Exploit |
type | remote |
Nessus
NASL family | Windows |
NASL id | HP_HPINFODLL_ACTIVEX.NASL |
description | The remote host contains the HP Quick Launch Button software, part of the HP Info Center software installed by default on many HP and Compaq laptop models. The version of this software on the remote host includes an ActiveX control that reportedly contains three insecure methods - |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29725 |
published | 2007-12-18 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29725 |
title | HP Info Center ActiveX Control Multiple Remote Vulnerabilities |
code |
|
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01300486
- http://secunia.com/advisories/28055
- http://securitytracker.com/id?1019086
- http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txt
- http://www.securityfocus.com/archive/1/484880/100/100/threaded
- http://www.securityfocus.com/bid/26823
- http://www.vupen.com/english/advisories/2007/4192
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38994
- https://www.exploit-db.com/exploits/4720