PT-2007-7200 · Hewlett Packard · Hpinfodll.Dll+2

Porkythepig

Published

2007-12-13

Updated

2018-10-15

CVE-2007-6333

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions HP Quick Launch Button versions 6.3 and earlier HP Info Center version 1.0.1.1

Description The issue allows remote attackers to read arbitrary registry values. This is achieved via the arguments to the GetRegValue method of the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll.

Recommendations For HP Quick Launch Button versions 6.3 and earlier, consider disabling the HPInfoDLL.HPInfo.1 ActiveX control until a patch is available. For HP Info Center version 1.0.1.1, restrict access to the GetRegValue method to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-6333

Affected Products

Hp Info Center

Hp Quick Launch Button

Hpinfodll.Dll

PT-2007-7200 · Hewlett Packard · Hpinfodll.Dll+2

CVE-2007-6333

Related Identifiers

Affected Products

References · 10