HP Instant Support HPISDataManager.dll ActiveX控件ExtractCab函数缓冲区溢出漏洞

BUGTRAQ ID: 29529 CVECAN ID: CVE-2007-5604 HP Instant Support是是基于网络的故障诊断和排除工具套件，适用于桌面计算和打印产品。 HP Instant Support所安装的HPISDataManager.dll ActiveX控件没有正确地过滤对ExtractCab函数的输入参数。如果用户受骗访问了恶意网页并向该函数传送了超长参数的话，就可能触发缓冲区溢出，导致执行任意指令。 HP Instant Support 1.0.0.22 临时解决方法：...

HP Online Support Services ActiveX ExtractCab() buffer overflow

Overview HP Online Support Services contains the function ExtractCab, which can be exploited to cause a buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system in the context of the local user. Description HP Services provides online...