EUVD-2007-6298

Malware in sbrugna...

Design/Logic Flaw

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method...

CVE-2007-6332

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the...

CVE-2007-6331

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument...

Design/Logic Flaw

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the...

CVE-2007-6333

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method...

Path traversal

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument...

CVE-2007-6331

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument...

CVE-2007-6332

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the...

CVE-2007-6333

The CVE describes a vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control (HPInfoDLL.dll 1.0) shipped with HP Info Center in HP Quick Launch Button (QLBCTRL.exe/QLB) 6.3 and earlier. The GetRegValue method allows a remote attacker to read arbitrary registry values. Affected software versions in...

CVE-2007-6332

The CVE-2007-6332 entry concerns the HPInfoDLL.HPInfo.1 ActiveX control (HPInfoDLL.dll 1.0) shipped with HP Info Center in HP Quick Launch Button 6.3 and earlier on Windows before Vista. The vulnerability, via the SetRegValue method, allows remote attackers to create or modify arbitrary registry ...

CVE-2007-6331

CVE-2007-6331 describes an absolute path traversal in the HPInfoDLL.HPInfo.1 ActiveX control (HPInfoDLL.dll 1.0) shipped with HP Info Center and the HP Quick Launch Button (QLB) software, up to version 6.3. The vulnerability allows remote attackers to execute arbitrary programs by passing a craft...

CVE-2007-6333

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method...