Vulnerabilities > CVE-2007-6333 - Arbitrary Code Execution vulnerability in HP Info Center HPInfoDLL.DLL ActiveX Control
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description | HP Compaq Notebooks ActiveX Remote Code Execution Exploit. CVE-2007-6331,CVE-2007-6332,CVE-2007-6333. Remote exploit for windows platform |
file | exploits/windows/remote/4720.html |
id | EDB-ID:4720 |
last seen | 2016-01-31 |
modified | 2007-12-11 |
platform | windows |
port | |
published | 2007-12-11 |
reporter | porkythepig |
source | https://www.exploit-db.com/download/4720/ |
title | HP Compaq Notebooks ActiveX Remote Code Execution Exploit |
type | remote |
Nessus
NASL family | Windows |
NASL id | HP_HPINFODLL_ACTIVEX.NASL |
description | The remote host contains the HP Quick Launch Button software, part of the HP Info Center software installed by default on many HP and Compaq laptop models. The version of this software on the remote host includes an ActiveX control that reportedly contains three insecure methods - |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29725 |
published | 2007-12-18 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29725 |
title | HP Info Center ActiveX Control Multiple Remote Vulnerabilities |
code |
|
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01300486
- http://secunia.com/advisories/28055
- http://securitytracker.com/id?1019086
- http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txt
- http://www.securityfocus.com/archive/1/484880/100/100/threaded
- http://www.securityfocus.com/bid/26823
- http://www.vupen.com/english/advisories/2007/4192
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38994
- https://www.exploit-db.com/exploits/4720