PT-2007-4901 · Hewlett Packard · Hp Digital Imaging

Shinnai

Publicado

2007-07-10

Atualizado

2017-09-29

CVE-2007-3649

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Hewlett-Packard (HP) Digital Imaging version 2.1.0.556

Description The issue is related to an absolute path traversal vulnerability in a certain ActiveX control. This vulnerability allows remote attackers to create or overwrite arbitrary files. The vulnerability is exploited via the second argument to the SaveToFile method.

Recommendations For version 2.1.0.556, consider restricting access to the SaveToFile method until a patch is available. As a temporary workaround, avoid using the second argument to the SaveToFile method to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-3649

Produtos afetados

Hp Digital Imaging

PT-2007-4901 · Hewlett Packard · Hp Digital Imaging

CVE-2007-3649

Identificadores relacionados

Produtos afetados

Referências · 5