7 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.945 High
EPSS
Percentile
99.2%
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
CPE | Name | Operator | Version |
---|---|---|---|
hp:software_update | hp software update | eq | 3.0.8.4 |
hp:software_update | hp software update | le | 4.000.005.007 |
blogs.zdnet.com/security/?p=768
computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818
it.slashdot.org/it/07/12/20/2327242.shtml
secunia.com/advisories/28177
www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt
www.securityfocus.com/archive/1/485451/100/0/threaded
www.securityfocus.com/archive/1/485734/100/0/threaded
www.securityfocus.com/bid/26950
www.securitytracker.com/id?1019133
www.vupen.com/english/advisories/2007/4271
exchange.xforce.ibmcloud.com/vulnerabilities/39153
www.exploit-db.com/exploits/4757