Lucene search

[email protected]CVE-2007-5608

HistoryJun 04, 2008 - 8:32 p.m.

CVE-2007-5608

2008-06-0420:32:00

[email protected]

web.nvd.nist.gov

cve-2007-5608

hpisdatamanagerlib

datamgr

activex control

remote attackers

arbitrary file download

6.4 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.196 Low

EPSS

Percentile

96.3%

JSON

The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second argument, a different vulnerability than CVE-2008-0952 and CVE-2008-0953.

Affected configurations

NVD

Node

hpinstant_supportRange≤1.0.0.23

CPENameOperatorVersion
hp:instant_supporthp instant supportle1.0.0.23

CPE	Name	Operator	Version
hp:instant_support	hp instant support	le	1.0.0.23

References

secunia.com/advisories/30516

www.csis.dk/dk/forside/CSIS-RI-0003.pdf

www.kb.cert.org/vuls/id/949587

www.securityfocus.com/bid/29526

www.securityfocus.com/bid/29530

www.securitytracker.com/id?1020165

www.vupen.com/english/advisories/2008/1740/references

www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264

exchange.xforce.ibmcloud.com/vulnerabilities/42850

6.4 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.196 Low

EPSS

Percentile

96.3%

JSON

Related for CVE-2007-5608

nvd3 cvelist3 prion3 cve2 seebug1 cert8 securityvulns2 nessus1