Remote File Deletion Vulnerability in HP Instant Support
CVE-2007-5610

Currently unrated

Key Information:

Vendor: HP
Status: Instant Support
Vendor: CVE Published:; 4 June 2008

Summary

The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control within the HPISDataManager.dll file allows remote attackers to delete arbitrary files. This occurs when an attacker provides a full pathname in the function's argument, leading to potential information loss and compromise of system integrity. Users of HP Instant Support versions prior to 1.0.0.24 are particularly affected by this vulnerability.

References

http://www.kb.cert.org/vuls/id/857539

third-party-advisoryx_refsource_CERT-VN

http://secunia.com/advisories/30516

third-party-advisoryx_refsource_SECUNIA

http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=...

vendor-advisoryx_refsource_HP

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 4, 2008
Vulnerability Reserved
Oct 21, 2007