Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6332

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-6332
Last Modified 07 Mar 2011 12:00:00
Published 13 Dec 2007 02:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6332

Summary

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.

Vulnerable Systems

Application

  • Hp Info Center 1.0.1.1

  • Hp Quick Launch Button 6.3


References

XF - hpinfo-hpinfo-information-disclosure(38994)

VUPEN - ADV-2007-4192

BID - 26823

BUGTRAQ - 20071211 HP notebooks remote code execution vulnerability (multiple series)

MILW0RM - 4720

MISC - http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txt

SECTRACK - 1019086

SECUNIA - 28055

HP - SSRT071502

HP - HPSBGN02298


Last Updated: 27 May 2016 10:47:27