Absolute Path Traversal in HP Photo Digital Imaging Software
CVE-2007-3487

Currently unrated

Key Information:

Vendor: HP
Status: Photo Digital Imaging Activex Control
Vendor: CVE Published:; 29 June 2007

Summary

A path traversal vulnerability exists in the HP Photo Digital Imaging software, specifically in the hpqxml.dll component (version 2.0.0.133). This flaw can be exploited by remote attackers, allowing them to manipulate the 'saveXMLAsFile' method to create or overwrite arbitrary files on the affected system. This vulnerability poses significant risks as it could lead to unauthorized access or data corruption.

References

http://osvdb.org/37675

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/35124

vdb-entryx_refsource_XF

http://securityreason.com/securityalert/2846

third-party-advisoryx_refsource_SREASON

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 29, 2007
Vulnerability Reserved
Jun 29, 2007