CVE-2007-6506 - File Overwrite vulnerability in HP Software Update 'RulesEngine.dll' ActiveX Control

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Tags: network, hp, critical, nessus, exploit available

Summary

The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.

Exploit-Db

description: HP Software Update client 3.0.8.4 Multiple Remote Vulnerabilities. CVE-2007-6506. Dos exploit for windows platform
file: exploits/windows/dos/4757.txt
id: EDB-ID:4757
last seen: 2016-01-31
modified: 2007-12-19
platform: windows
port:
published: 2007-12-19
reporter: porkythepig
source: https://www.exploit-db.com/download/4757/
title: hp software update client 3.0.8.4 - Multiple Vulnerabilities
type: dos

Nessus

NASL family: Windows
NASL id: HP_UPDATE_RULESENGINE_ACTIVEX_INSECURE.NASL
description: The remote host contains the HP Software Update software, installed by default on many HP notebooks to support automatic software updates and vulnerability patching. The version of this software on the remote host includes an ActiveX control,
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 29747
published: 2007-12-23
reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/29747
title: HP Software Update HPRulesEngine.ContentCollection ActiveX (RulesEngine.dll) Multiple Insecure Methods