Stack-Based Buffer Overflow in HP Instant Support Driver Check by HP
CVE-2007-3554

Currently unrated

Key Information:

Vendor: HP
Status: Instant Support
Vendor: CVE Published:; 4 July 2007

What is CVE-2007-3554?

The HP Instant Support - Driver Check contains a stack-based buffer overflow vulnerability in the HPSDDX Class ActiveX control (sdd.dll). This flaw can be exploited by remote attackers who send a specially crafted long argument to the queryHub function, potentially allowing them to execute arbitrary code on the affected system. Users are strongly advised to update to version 1.5.0.3 or later to mitigate this risk.

References

http://www.vupen.com/english/advisories/2007/2413

vdb-entryx_refsource_VUPEN

http://www.shinnai.altervista.org/index.php?mod=02_Forum&...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/35228

vdb-entryx_refsource_XF

EPSS Score

32% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2007
Vulnerability Reserved
Jul 4, 2007