PT-2007-4748 · Hewlett Packard · Hp Photo Digital Imaging

Callax · Published 2007-06-29 · Updated 2018-10-16 · CVE-2007-3487

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Hewlett-Packard (HP) Photo Digital Imaging version 2.0.0.133

Description

The issue concerns an absolute path traversal in a certain ActiveX control in the hpqxml.dll file, which allows remote attackers to create or overwrite arbitrary files. This is achieved by manipulating the argument to the saveXMLAsFile method.

Recommendations

For version 2.0.0.133, consider restricting access to the saveXMLAsFile method until a patch is available. Additionally, avoid using the saveXMLAsFile method with untrusted input to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related identifiers

CVE-2007-3487

Affected products

Hp Photo Digital Imaging