Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2007-6506
Last Modified 20 Jun 2011 12:00:00
Published 20 Dec 2007 06:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6506

Summary

The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.

Vulnerable Systems

Application

  • HP Software Update 3.0.8.4

  • HP Software Update 4.000.005.007


References

XF - hpsoftware-rulesengine-file-overwrite(39153)

VUPEN - ADV-2007-4271

SECTRACK - 1019133

BID - 26950

HP - HPSBGN02301

HP - HPSBGN2301

MILW0RM - 4757

MISC - http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt

SECUNIA - 28177

MISC - http://it.slashdot.org/it/07/12/20/2327242.shtml

MISC - http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818

MISC - http://blogs.zdnet.com/security/?p=768

HP - SSRT071508


Last Updated: 27 May 2016 10:47:27