Lucene search

[email protected]CVE-2007-6333

HistoryDec 13, 2007 - 7:46 p.m.

CVE-2007-6333

2007-12-1319:46:00

[email protected]

web.nvd.nist.gov

cve-2007-6333

hpinfodll

activex

vulnerability

remote attackers

registry

nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method.

Affected configurations

NVD

Node

hpinfo_centerMatch1.0.1.1

hpquick_launch_buttonRange≤6.3

CPENameOperatorVersion
hp:info_centerhp info centereq1.0.1.1
hp:quick_launch_buttonhp quick launch buttonle6.3

CPE	Name	Operator	Version
hp:info_center	hp info center	eq	1.0.1.1
hp:quick_launch_button	hp quick launch button	le	6.3

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01300486

secunia.com/advisories/28055

securitytracker.com/id?1019086

www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txt

www.securityfocus.com/archive/1/484880/100/100/threaded

www.securityfocus.com/bid/26823

www.vupen.com/english/advisories/2007/4192

exchange.xforce.ibmcloud.com/vulnerabilities/38994

www.exploit-db.com/exploits/4720

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.2%

JSON

Related for CVE-2007-6333

prion1 nvd1 cvelist1 securityvulns2 nessus1 kaspersky1