HP Info Center ActiveX Control Multiple Remote Vulnerabilities

The remote host contains the HP Quick Launch Button software, part of the HP Info Center software installed by default on many HP and Compaq laptop models. The version of this software on the remote host includes an ActiveX control that reportedly contains three insecure methods - 'GetRegValue',...

Design/Logic Flaw

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method...

CVE-2007-6331

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument...

Design/Logic Flaw

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the...

Path traversal

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument...

CVE-2007-6332

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the...

CVE-2007-6331

CVE-2007-6331 describes an absolute path traversal in the HPInfoDLL.HPInfo.1 ActiveX control (HPInfoDLL.dll 1.0) shipped with HP Info Center and the HP Quick Launch Button (QLB) software, up to version 6.3. The vulnerability allows remote attackers to execute arbitrary programs by passing a craft...

KLA10186 Multiple vulnerabilities in HP Quick Launch Button

Multiple serious vulnerabilities have been found in HP Quick Launch Button. Malicious users can exploit these vulnerabilities to read and write arbitrary registry entries or execute arbitrary programs Below is a complete list of vulnerabilities 1. Vectors related to GetRegValue and SetRegValue ca...