Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6331

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-6331
Last Modified 03 Aug 2013 02:40:56
Published 13 Dec 2007 02:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6331

Summary

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.

Vulnerable Systems

Application

  • Hp Info Center 1.0.1.1

  • Hp Quick Launch Button 6.3


References

XF - hpinfo-hpinfo-command-execution(38991)

VUPEN - ADV-2007-4192

BID - 26823

BUGTRAQ - 20071211 HP notebooks remote code execution vulnerability (multiple series)

MILW0RM - 4720

MISC - http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txt

SECTRACK - 1019086

SECUNIA - 28055

HP - SSRT071502

HP - HPSBGN02298


Last Updated: 27 May 2016 10:47:27