PT-2007-7198 · Microsoft+1 · Windows Vista+3

Porkythepig

Publicado

2007-12-13

Atualizado

2018-10-15

CVE-2007-6331

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions HP Quick Launch Button versions 6.3 and earlier HP Info Center version 1.0.1.1

Description The issue allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method in the HPInfoDLL.HPInfo.1 ActiveX control. This can be done by exploiting an absolute path traversal vulnerability in the HPInfoDLL.dll. It's worth noting that on Windows Vista, only a user-assisted attack is possible.

Recommendations For HP Quick Launch Button versions 6.3 and earlier, consider disabling the LaunchApp method until a patch is available. For HP Info Center version 1.0.1.1, restrict access to the HPInfoDLL.dll to minimize the risk of exploitation.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2007-6331

Produtos afetados

Hp Info Center

Hp Quick Launch Button

Hpinfodll.Dll

Windows Vista

PT-2007-7198 · Microsoft+1 · Windows Vista+3

CVE-2007-6331

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10