Absolute Path Traversal Vulnerability in HP Digital Imaging Control
CVE-2007-3649

Currently unrated

Key Information:

Vendor: HP
Status: Photo Digital Imaging Activex Control
Vendor: CVE Published:; 10 July 2007

Summary

An absolute path traversal vulnerability exists within an ActiveX control in HP's Digital Imaging software. This flaw allows remote attackers to manipulate file paths through the SaveToFile method, potentially leading to unauthorized file creation or overwriting on the targeted system. The issue specifically revolves around how the second argument of this method handles input, creating a security risk that can be exploited by malicious actors.

References

https://www.exploit-db.com/exploits/4155

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/24793

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/35288

vdb-entryx_refsource_XF

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 10, 2007
Vulnerability Reserved
Jul 10, 2007