PT-2007-7199 · Hewlett Packard · Hpinfodll.Dll+2

Porkythepig

Published

2007-12-13

Updated

2018-10-15

CVE-2007-6332

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions HP Quick Launch Button versions 6.3 and earlier HP Info Center version 1.0.1.1

Description The issue allows remote attackers to create or modify arbitrary registry values. This is achieved via the arguments to the SetRegValue method of the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll.

Recommendations For HP Quick Launch Button versions 6.3 and earlier, consider disabling the HPInfoDLL.HPInfo.1 ActiveX control until a patch is available. For HP Info Center version 1.0.1.1, restrict access to the SetRegValue method to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-6332

Affected Products

Hp Info Center

Hp Quick Launch Button

Hpinfodll.Dll

PT-2007-7199 · Hewlett Packard · Hpinfodll.Dll+2

CVE-2007-6332

Related Identifiers

Affected Products

References · 10