3 matches found
HP Instant Support HPISDataManager.dll ActiveX控件任意文件下载漏洞
BUGTRAQ ID: 29530 CVECAN ID: CVE-2007-5608 HP Instant Support是是基于网络的故障诊断和排除工具套件,适用于桌面计算和打印产品。 HP Instant Support所安装的HPISDataManager.dll ActiveX控件没有正确地过滤对DownloadFile函数的输入参数。如果用户受骗访问了恶意网页并向该函数传送了超长参数的话,就可能导致向本地系统下载任意文件。 HP Instant Support 1.0.0.22 临时解决方法:...
Hardcoded credentials
The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a differe...
CVE-2007-5608
HP Instant Support HPISDataManager.dll ActiveX control contains the DownloadFile() function vulnerability (CVE-2007-5608). An unauthenticated remote attacker could force the ActiveX to download arbitrary files to a location on the victim’s system via a crafted URL and destination filename. Affect...