PT-2008-3862 · Hewlett Packard · Hpufunction.Dll
Callax
·
Publicado
2008-05-21
·
Atualizado
2017-09-29
·
CVE-2008-2390
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Hpufunction.dll version 4.0.0.1
Description:
The issue concerns the exposure of unsafe methods in Hpufunction.dll, specifically the
ExecuteAsync and Execute methods. This exposure allows remote attackers to execute arbitrary code by providing an absolute pathname as the first argument.Recommendations:
For Hpufunction.dll version 4.0.0.1, consider disabling the
ExecuteAsync and Execute methods as a temporary workaround until a patch is available. Restrict access to Hpufunction.dll to minimize the risk of exploitation. Avoid using absolute pathnames in the first argument of the affected methods until the issue is resolved.Exploit
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Hpufunction.Dll