Name:
HP.Instant.Support.ActiveX.Control.Access
Released Date:
Jun 10 2008
Severity:
critical
CVE:
2008-0952
2008-0953
2007-5604
2007-5607
2007-5610
2007-5605
2007-5606
2007-5608

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates a possible attempt to exploit some issues in HP Instant Support.

The vulnerability is in the "HPISDataManager.dll" ActiveX control through misused methods. It may allow remote attackers to execute arbitrary code in the context of the application, or download, write, execute, and delete arbitrary files on the vulnerable system.
 
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
 
Affected Products
HP Instant Support HPISDataManager.dll v1.0.0.22 and later versions.
Aliases
References
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0952
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0953
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5604
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5607
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5610
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5605
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5606
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5608
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01422264
http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf
Recommended Actions
Disable this ActiveX Control by setting its kill bit, or upgrade to HP Instant Support v1.0.0.24 or later versions, available from the vendor's website.

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED