Name:
HP.HPeDiag.ActiveX.Control.Access
Released Date:
Apr 28 2008
Severity:
high
CVE:
2008-0712
Bugtraq:
28929

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates an attempt to exploit a vulnerability in the HPeDiag ActiveX control in hpediag.dll.

The HPeDiag ActiveX control is vulnerable to information disclosure and arbitrary code execution exploits. A remote attacker may be able to access arbitrary files or registry keys, and possibly execute code on a vulnerable system.
 
Impact
System Compromise: remote attackers can gain control of vulnerable systems.
Information Disclosure: remote attackers can gain sensitive information from vulnerable systems.
 
Affected Products
HP hpediag.dll, version 4.000.009.002
Aliases
References
http://www.securityfocus.com/bid/28929
http://www.frsirt.com/english/advisories/2008/1356
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0712
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01439758
http://vuln.sg/hpupdate302991-en.html
http://milw0rm.org/exploits/5511
Recommended Actions
Update to version 4.000.010.008 using the HP Update Software.

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED