5 matches found
HP Online Support Services ActiveX StartApp() arbitrary code execution
Overview The HP Online Support Services ActiveX control contains a method called StartApp. This may allow a remote, unauthenticated attacker to execute local files on a vulnerable system in the context of the local user. Description HP Services provides online product support services including H...
HP Online Support Services ActiveX DownloadFile() arbitrary file download
Overview The HP Online Support Services ActiveX control contains a method called DownloadFile. This may allow a remote, unauthenticated attacker to download files to the location of the ActiveX control. Description HP Services provides online product support services including HP Instant Support...
HP Online Support Services ActiveX ExtractCab() buffer overflow
Overview HP Online Support Services contains the function ExtractCab, which can be exploited to cause a buffer overflow. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system in the context of the local user. Description HP Services provides online...
HP Online Support Services ActiveX AppendStringToFile() arbitrary file writing
Overview The HP Online Support Services ActiveX control contains a method called AppendStringToFile. This may allow a remote, unauthenticated attacker to write to files on a vulnerable system. Description HP Services provides online product support services including HP Instant Support. The...
HP Online Support Services ActiveX DeleteSingleFile() arbitrary file deletion
Overview The HP Online Support Services ActiveX control contains a method called DeleteSingleFile. This may allow a remote, unauthenticated attacker to remove files from a vulnerable system. Description HP Services provides online product support services including HP Instant Support. The...