Lucene search

[email protected]CVE-2008-2390

HistoryMay 21, 2008 - 1:24 p.m.

CVE-2008-2390

2008-05-2113:24:00

CWE-94

[email protected]

web.nvd.nist.gov

software

update

hpufunction.dll

cve-2008-2390

security vulnerability

code execution

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.888 High

EPSS

Percentile

98.7%

JSON

Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.

Affected configurations

NVD

Node

hpsoftware_updateMatch4.0.0.1

CPENameOperatorVersion
hp:software_updatehp software updateeq4.0.0.1

CPE	Name	Operator	Version
hp:software_update	hp software update	eq	4.0.0.1

References

exchange.xforce.ibmcloud.com/vulnerabilities/42249

www.exploit-db.com/exploits/5511

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.888 High

EPSS

Percentile

98.7%

JSON

Related for CVE-2008-2390

kaspersky1 cvelist1 prion1 nvd1