CVE-2007-6332

2007-12-1319:46:00

mitre

web.nvd.nist.gov

cve-2007-6332

hpinfodll

activex control

hp info center

qlbctrl.exe

registry values

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.037

Percentile

91.9%

JSON

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.

Affected configurations

Nvd

Node

hpinfo_centerMatch1.0.1.1

hpquick_launch_buttonRange≤6.3

VendorProductVersionCPE
hpinfo_center1.0.1.1cpe:2.3:a:hp:info_center:1.0.1.1:*:*:*:*:*:*:*
hpquick_launch_button*cpe:2.3:a:hp:quick_launch_button:*:*:*:*:*:*:*:*