4 matches found
CVE-2007-6506
CVE-2007-6506 affects HP Software Update via the HPRulesEngine.ContentCollection ActiveX (RulesEngine.dll) in versions 4.000.005.007 and earlier (including 3.0.8.4). The ActiveX control exposes SaveToFile and LoadDataFromFile methods that enable remote attackers to overwrite/corrupt arbitrary fil...
CVE-2008-0712
CVE-2008-0712 affects HP Software Update HPeDiag ActiveX control (hpediag.dll) in Windows. A buffer overflow in the GetXmlFromIni method could allow remote code execution when a user loads a crafted INI file via an HTML page, under IE, on HP Software Update v4.000.009.002 or earlier. HP released ...
CVE-2008-2390
CVE-2008-2390 affects HP Software Update 4.0.0.1, where Hpufunction.dll exposes unsafe methods ExecuteAsync and Execute. The underlying issue is that an absolute pathname in the first argument allows remote code execution. Public exploits exist and the impact is arbitrary code execution with netw...
CVE-2015-5442
CVE-2015-5442 is an unspecified local privilege escalation in HP Software Update prior to 5.005.002.002. Affected product: HP Software Update (on HP laptops). Root cause and vectors are not detailed in the sources, but the vulnerability enables local users to gain privileges (type and scope not f...