Lucene search

[email protected]CVE-2007-3649

HistoryJul 10, 2007 - 5:30 p.m.

CVE-2007-3649

2007-07-1017:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3649

absolute path traversal

hpqvwocx.dll

remote attack

arbitrary files

nvd

activex control

digital imaging

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.058 Low

EPSS

Percentile

93.4%

JSON

Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.

Affected configurations

NVD

Node

hpphoto_digital_imaging_activex_controlMatch2.1.0.556

CPENameOperatorVersion
hp:photo_digital_imaging_activex_controlhp photo digital imaging activex controleq2.1.0.556

CPE	Name	Operator	Version
hp:photo_digital_imaging_activex_control	hp photo digital imaging activex control	eq	2.1.0.556

References

osvdb.org/45800

www.securityfocus.com/bid/24793

exchange.xforce.ibmcloud.com/vulnerabilities/35288

www.exploit-db.com/exploits/4155

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.058 Low

EPSS

Percentile

93.4%

JSON

Related for CVE-2007-3649

cvelist1 prion1 nvd1