File Download Vulnerability in HP Instant Support by HP
CVE-2007-5608

Currently unrated

Key Information:

Vendor: HP
Status: Instant Support
Vendor: CVE Published:; 4 June 2008

What is CVE-2007-5608?

The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control present in HPISDataManager.dll prior to version 1.0.0.24 allows attackers to initiate unintended file downloads on client systems. By crafting a specific URL in the first argument and providing a destination filename in the second, malicious entities can exploit this vulnerability for unauthorized file transfers to client machines, potentially leading to further security breaches.

References

http://secunia.com/advisories/30516

third-party-advisoryx_refsource_SECUNIA

http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=...

vendor-advisoryx_refsource_HP

https://exchange.xforce.ibmcloud.com/vulnerabilities/42850

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2008
Vulnerability Reserved
Oct 21, 2007