Source: SAINT Corporation
ID: SAINT:661F5F2BFE0BCB2939DBC9F53257ED9E
Date: May 22, 2008 - 12:00 a.m.

HP Software Update HPeDiag ActiveX Control GetXmlFromIni buffer overflow


CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.449 Medium
Percentile: 97.0%

Added: 05/22/2008
CVE: CVE-2008-0712
BID: 28929
OSVDB: 44662

Background

HP Software Update is shipped with various kinds of HP computers to keep HP software up to date.

Problem

A buffer overflow in the **GetXmlFromIni** method of the HPeDiag ActiveX control allows command execution when a user loads a web page which reads a specially crafted **ini** file.

Resolution

Upgrade to version 4.000.010.008 or higher as described in HPSBGN02333 SSRT080031.

References

<http://secunia.com/advisories/29966/>

Limitations

The exploit works on HP Software Update 3.0.2.991 (HPeDiag.dll 1.0.11.0) and requires the user to load the exploit page in Internet Explorer.

Before the exploit can succeed, you must place the exploit.ini file on an SMB share which is accessible from the target computer. To do this, download the /exploit.ini file from the exploit server and place it on the share.

Because the exploit script allocates a large amount of memory on the target, at least 768MB of virtual memory must be available on the target.

Platforms

Windows
