Porkythepig

**Name of the Vulnerable Software and Affected Versions** HP Software Update versions 3.0.8.4 through 4.000.005.007 **Description** The issue allows remote attackers to overwrite and corrupt arbitrary files via arguments to the `SaveToFile` method, and possibly access arbitrary files via the `LoadDataFromFile` method. **Recommendations** For HP Software Update versions 3.0.8.4 through 4.000.005.007, consider disabling the `SaveToFile` and `LoadDataFromFile` methods until a patch is available. Restrict access to the RulesEngine.dll to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HP Quick Launch Button versions 6.3 and earlier HP Info Center version 1.0.1.1 **Description** The issue allows remote attackers to execute arbitrary programs via the first argument to the `LaunchApp` method in the HPInfoDLL.HPInfo.1 ActiveX control. This can be done by exploiting an absolute path traversal vulnerability in the HPInfoDLL.dll. It's worth noting that on Windows Vista, only a user-assisted attack is possible. **Recommendations** For HP Quick Launch Button versions 6.3 and earlier, consider disabling the `LaunchApp` method until a patch is available. For HP Info Center version 1.0.1.1, restrict access to the HPInfoDLL.dll to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HP Quick Launch Button versions 6.3 and earlier HP Info Center version 1.0.1.1 **Description** The issue allows remote attackers to create or modify arbitrary registry values. This is achieved via the arguments to the `SetRegValue` method of the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll. **Recommendations** For HP Quick Launch Button versions 6.3 and earlier, consider disabling the HPInfoDLL.HPInfo.1 ActiveX control until a patch is available. For HP Info Center version 1.0.1.1, restrict access to the `SetRegValue` method to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HP Quick Launch Button versions 6.3 and earlier HP Info Center version 1.0.1.1 **Description** The issue allows remote attackers to read arbitrary registry values. This is achieved via the arguments to the `GetRegValue` method of the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll. **Recommendations** For HP Quick Launch Button versions 6.3 and earlier, consider disabling the HPInfoDLL.HPInfo.1 ActiveX control until a patch is available. For HP Info Center version 1.0.1.1, restrict access to the `GetRegValue` method to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Help Workshop version 4.03.0002 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved through a help project (.HPJ) file with a long HLP field in the OPTIONS section. **Recommendations** For Microsoft Help Workshop version 4.03.0002, consider avoiding the use of .HPJ files with long HLP fields in the OPTIONS section until a fix is available. As a temporary workaround, restrict the handling of .HPJ files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Microsoft Help Workshop version 4.03.0002 Description: A stack-based buffer overflow issue allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file. The .cnt file must be composed of lines that begin with an integer followed by a space and a long string. Recommendations: For Microsoft Help Workshop version 4.03.0002, at the moment, there is no information about a newer version that contains a fix for this vulnerability.