Vulnerabilities > CVE-2008-0952 - Code Execution in RETIRED: HP Instant Support 'HPISDataManager.dll' ActiveX Control
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | HP Instant Support 1.0.22 'HPISDataManager.dll' ActiveX Control Arbitrary File Creation Vulnerability. CVE-2008-0952. Dos exploit for windows platform |
id | EDB-ID:31878 |
last seen | 2016-02-03 |
modified | 2008-06-03 |
published | 2008-06-03 |
reporter | Dennis Rand |
source | https://www.exploit-db.com/download/31878/ |
title | HP Instant Support 1.0.22 - 'HPISDataManager.dll' ActiveX Control Arbitrary File Creation Vulnerability |
Nessus
NASL family | Windows |
NASL id | HPISDATAMANAGER_ACTIVEX_1_0_0_24.NASL |
description | The remote host contains several ActiveX controls in HP Instant Support HPISDataManager.dll, a web-based diagnostic tool from Hewlett-Packard. The version of the controls installed on the remote host reportedly are affected by several issues. If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, this method could be used to execute arbitrary code by means of buffer overflows or to execute delete, download, and write to arbitrary files on the affected system, all subject to the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 33095 |
published | 2008-06-05 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/33095 |
title | HP Instant Support HPISDataManager.dll ActiveX Control < 1.0.0.24 Vulnerabilities |
code |
|
References
- http://secunia.com/advisories/30516
- http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf
- http://www.kb.cert.org/vuls/id/190939
- http://www.securityfocus.com/bid/29526
- http://www.securityfocus.com/bid/29535
- http://www.securitytracker.com/id?1020165
- http://www.vupen.com/english/advisories/2008/1740/references
- http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42834