Absolute Path Traversal Vulnerability in HP Info Center by HP
CVE-2007-6331

Currently unrated

Key Information:

Vendor: HP
Status: Info Center; Quick Launch Button
Vendor: CVE Published:; 13 December 2007

Summary

The HP Info Center contains an absolute path traversal vulnerability within the HPInfoDLL.HPInfo.1 ActiveX control in the HPInfoDLL.dll version 1.0. This flaw allows attackers to execute arbitrary programs on the user's system by exploiting the LaunchApp method. While this issue primarily affects configurations running Windows Vista and requires user interaction, it poses significant risks if leveraged by an attacker, potentially compromising system security.

References

http://www.securityfocus.com/bid/26823

vdb-entryx_refsource_BID

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

https://www.exploit-db.com/exploits/4720

exploitx_refsource_EXPLOIT-DB

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 13, 2007
Vulnerability Reserved
Dec 13, 2007