Lucene search

[email protected]CVE-2007-5608

HistoryJun 04, 2008 - 8:32 p.m.

CVE-2007-5608

2008-06-0420:32:00

[email protected]

web.nvd.nist.gov

cve-2007-5608

hpisdatamanagerlib

datamgr

activex control

remote attackers

arbitrary file download

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.196 Low

EPSS

Percentile

96.3%

JSON

The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second argument, a different vulnerability than CVE-2008-0952 and CVE-2008-0953.

Affected configurations

NVD

Node

hpinstant_supportRange≤1.0.0.23

CPENameOperatorVersion
hp:instant_supporthp instant supportle1.0.0.23

CPE	Name	Operator	Version
hp:instant_support	hp instant support	le	1.0.0.23

References

secunia.com/advisories/30516

www.csis.dk/dk/forside/CSIS-RI-0003.pdf

www.kb.cert.org/vuls/id/949587

www.securityfocus.com/bid/29526

www.securityfocus.com/bid/29530

www.securitytracker.com/id?1020165

www.vupen.com/english/advisories/2008/1740/references

www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264

exchange.xforce.ibmcloud.com/vulnerabilities/42850

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.196 Low

EPSS

Percentile

96.3%

JSON

Related for CVE-2007-5608

cve2 nvd3 prion3 cvelist3 seebug1 cert8 nessus1 securityvulns2