Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2390

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-2390
Last Modified 29 Oct 2012 11:11:49
Published 21 May 2008 09:24:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2390

Summary

Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.

Vulnerable Systems

Application

  • Hp Software Update 4.0.0.1


References

MILW0RM - 5511

XF - hp-softwareupdate-hpufunction-code-execution(42249)


Last Updated: 27 May 2016 10:47:14