Vulnerability CVE-2007-6506


Published: 2007-12-20   Modified: 2012-02-12

Description:
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.

Type:

CWE-Other

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
HP -> Software update

References:
http://blogs.zdnet.com/security/?p=768
http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818
http://it.slashdot.org/it/07/12/20/2327242.shtml
http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt
http://www.securityfocus.com/archive/1/485451/100/0/threaded
http://www.securityfocus.com/archive/1/485734/100/0/threaded
http://www.securityfocus.com/bid/26950
http://www.securitytracker.com/id?1019133
http://www.vupen.com/english/advisories/2007/4271
https://exchange.xforce.ibmcloud.com/vulnerabilities/39153
https://www.exploit-db.com/exploits/4757

Copyright 2024, cxsecurity.com

 
