Lucene search

[email protected]CVE-2008-0952

HistoryJun 04, 2008 - 8:32 p.m.

CVE-2008-0952

2008-06-0420:32:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2008-0952

hp instant support

hpisdatamanager.dll

activex control

remote attackers

file creation

6.4 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.196 Low

EPSS

Percentile

96.3%

JSON

The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.

CPENameOperatorVersion
hp:instant_supporthp instant supportle1.0.0.23

CPE	Name	Operator	Version
hp:instant_support	hp instant support	le	1.0.0.23

References

secunia.com/advisories/30516

www.csis.dk/dk/forside/CSIS-RI-0003.pdf

www.kb.cert.org/vuls/id/190939

www.securityfocus.com/bid/29526

www.securityfocus.com/bid/29535

www.securitytracker.com/id?1020165

www.vupen.com/english/advisories/2008/1740/references

www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264

exchange.xforce.ibmcloud.com/vulnerabilities/42834

6.4 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.196 Low

EPSS

Percentile

96.3%

JSON

Related for CVE-2008-0952

prion3 cve2 cvelist3 cert8 nessus1 securityvulns2 seebug1