Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6333

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2007-6333
Last Modified 07 Mar 2011 12:00:00
Published 13 Dec 2007 02:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6333

Summary

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method.

Vulnerable Systems

Application

  • Hp Info Center 1.0.1.1

  • Hp Quick Launch Button 6.3


References

XF - hpinfo-hpinfo-information-disclosure(38994)

VUPEN - ADV-2007-4192

BID - 26823

BUGTRAQ - 20071211 HP notebooks remote code execution vulnerability (multiple series)

MILW0RM - 4720

MISC - http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txt

SECTRACK - 1019086

SECUNIA - 28055

HP - SSRT071502

HP - HPSBGN02298


Last Updated: 27 May 2016 10:51:54