Lucene search

K
cve[email protected]CVE-2007-5608
HistoryJun 04, 2008 - 8:32 p.m.

CVE-2007-5608

2008-06-0420:32:00
web.nvd.nist.gov
22
cve-2007-5608
hpisdatamanagerlib
datamgr
activex control
remote attackers
arbitrary file download

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.196 Low

EPSS

Percentile

96.3%

The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second argument, a different vulnerability than CVE-2008-0952 and CVE-2008-0953.

Affected configurations

NVD
Node
hpinstant_supportRange≀1.0.0.23

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.196 Low

EPSS

Percentile

96.3%