PT-2007-4901 · Hewlett Packard · Hp Digital Imaging

Shinnai

Published

2007-07-10

Updated

2017-09-29

CVE-2007-3649

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Hewlett-Packard (HP) Digital Imaging version 2.1.0.556

Description The issue is related to an absolute path traversal vulnerability in a certain ActiveX control. This vulnerability allows remote attackers to create or overwrite arbitrary files. The vulnerability is exploited via the second argument to the SaveToFile method.

Recommendations For version 2.1.0.556, consider restricting access to the SaveToFile method until a patch is available. As a temporary workaround, avoid using the second argument to the SaveToFile method to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3649

Affected Products

Hp Digital Imaging

PT-2007-4901 · Hewlett Packard · Hp Digital Imaging

CVE-2007-3649

Related Identifiers

Affected Products

References · 5