HP Software Update RulesEngine.dll控件远程文件覆盖漏洞

BUGTRAQ ID: 26950 HP Software Update是HP笔记本中默认安装的自动升级和补丁软件。 HP Software Updates所带的ActiveX控件实现上存在漏洞，远程攻击者可能利用此漏洞访问或破坏用户系统上的任意文件。 HP Software Updates所安装的RulesEngine.dll控件（CLSID：7CB9D4F5-C492-42A4-93B1-3F7D6946470D，默认路径C:\Program...

Design/Logic Flaw

The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to 1 overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly 2 access arbitrary files via the...

CVE-2007-6506

CVE-2007-6506 affects HP Software Update via the HPRulesEngine.ContentCollection ActiveX (RulesEngine.dll) in versions 4.000.005.007 and earlier (including 3.0.8.4). The ActiveX control exposes SaveToFile and LoadDataFromFile methods that enable remote attackers to overwrite/corrupt arbitrary fil...