Buffer Overflow in HP Instant Support ActiveX Control
CVE-2007-5605

Currently unrated

Key Information:

Vendor: HP
Status: Instant Support
Vendor: CVE Published:; 4 June 2008

Summary

A buffer overflow vulnerability exists in the GetFileTime function within the HPISDataManagerLib.Datamgr ActiveX control of HP Instant Support prior to version 1.0.0.24. This flaw allows remote attackers to execute arbitrary code by supplying a long argument, enabling unauthorized actions on affected systems. This vulnerability is distinct from other identified vulnerabilities in the same series.

References

http://secunia.com/advisories/30516

third-party-advisoryx_refsource_SECUNIA

http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=...

vendor-advisoryx_refsource_HP

http://www.securityfocus.com/bid/29526

vdb-entryx_refsource_BID

EPSS Score

30% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 4, 2008
Vulnerability Reserved
Oct 21, 2007