PT-2007-7200 · Hewlett Packard · Hpinfodll.Dll+2

Porkythepig

Publicado

2007-12-13

Atualizado

2018-10-15

CVE-2007-6333

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions HP Quick Launch Button versions 6.3 and earlier HP Info Center version 1.0.1.1

Description The issue allows remote attackers to read arbitrary registry values. This is achieved via the arguments to the GetRegValue method of the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll.

Recommendations For HP Quick Launch Button versions 6.3 and earlier, consider disabling the HPInfoDLL.HPInfo.1 ActiveX control until a patch is available. For HP Info Center version 1.0.1.1, restrict access to the GetRegValue method to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-6333

Produtos afetados

Hp Info Center

Hp Quick Launch Button

Hpinfodll.Dll

PT-2007-7200 · Hewlett Packard · Hpinfodll.Dll+2

CVE-2007-6333

Identificadores relacionados

Produtos afetados

Referências · 10