4 matches found
HP Instant Support HPISDataManager.dll ActiveX控件ExtractCab函数缓冲区溢出漏洞
BUGTRAQ ID: 29529 CVECAN ID: CVE-2007-5604 HP Instant Support是是基于网络的故障诊断和排除工具套件,适用于桌面计算和打印产品。 HP Instant Support所安装的HPISDataManager.dll ActiveX控件没有正确地过滤对ExtractCab函数的输入参数。如果用户受骗访问了恶意网页并向该函数传送了超长参数的话,就可能触发缓冲区溢出,导致执行任意指令。 HP Instant Support 1.0.0.22 临时解决方法:...
HP Online Support Services ActiveX ExtractCab() buffer overflow
Overview HP Online Support Services contains the function ExtractCab, which can be exploited to cause a buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system in the context of the local user. Description HP Services provides online...
Buffer overflow
Buffer overflow in the GetFileTime function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5606, and...
CVE-2007-5604
HP Instant Support HPISDataManager.dll ActiveX control contains ExtractCab() with a buffer overflow that allows a remote attacker to execute arbitrary code in the context of the local user. HP recommends upgrading to HP Instant Support - v1.0.0.24 or later (or applying the kill-bit remediation fo...