10 matches found
CVE-2007-5605
CVE-2007-5605 is a buffer overflow in HPISDataManager.dll's GetFileTime() function within the HP Instant Support ActiveX control. A remote attacker could cause arbitrary code execution by passing a long argument to the function. Affected product: HP Instant Support / HPISDataManager.dll ActiveX c...
CVE-2007-5606
HP Instant Support’s HPISDataManager.dll ActiveX control contains MoveFile() in the HPISDataManager, a buffer overflow that can be exploited by a remote attacker to execute arbitrary code. Public details indicate exploitation requires convincing a user to visit a malicious page to trigger the vul...
CVE-2007-5604
HP Instant Support HPISDataManager.dll ActiveX control contains ExtractCab() with a buffer overflow that allows a remote attacker to execute arbitrary code in the context of the local user. HP recommends upgrading to HP Instant Support - v1.0.0.24 or later (or applying the kill-bit remediation fo...
CVE-2007-5608
HP Instant Support HPISDataManager.dll ActiveX control contains the DownloadFile() function vulnerability (CVE-2007-5608). An unauthenticated remote attacker could force the ActiveX to download arbitrary files to a location on the victim’s system via a crafted URL and destination filename. Affect...
CVE-2008-0952
CVE-2008-0952 concerns the HP Instant Support HPISDataManager.dll ActiveX control. The vulnerability resides in the insecure function AppendStringToFile() , which can allow a remote, unauthenticated attacker to create files with arbitrary content by passing a full pathname as the first argument a...
CVE-2008-0953
The HP Instant Support HPISDataManager.dll ActiveX control (HPISDataManager, used by HP Online Support Services) contains multiple insecure methods (StartApp, DownloadFile, MoveFile, GetFileTime, ExtractCab, AppendStringToFile, RegistryString) that can be exploited by remote, unauthenticated atta...
CVE-2002-0993
HP Instant Support Enterprise Edition (ISEE) U2512A on HP-UX 11.00/11.11 has an unknown vulnerability allowing authenticated users to access restricted files. The available records identify the affected software and the access impact but do not provide technical details on root cause, vulnerable ...
CVE-2007-3554
The CVE-2007-3554 entry describes a stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control (sdd.dll) used by HP Instant Support – Driver Check. A long argument to the queryHub function can allow remote code execution on affected hosts. The vulnerability affects the ActiveX control ...
CVE-2007-5610
HP Instant Support HPISDataManager.dll ActiveX control (before v1.0.0.24) exposes a DeleteSingleFile() method that a remote attacker could abuse via a crafted HTML page to delete arbitrary files on the target system. The same advisory family notes other functions (MoveFile, GetFileTime, AppendStr...
CVE-2007-5607
CVE-2007-5607 is a buffer overflow in the HPISDataManager.dll HP Instant Support ActiveX control (RegistryString function) that could allow a remote attacker to execute arbitrary code via a long first argument. Connected documents corroborate that this family of HP ActiveX vulnerabilities centers...