CVE-2007-6331

Currently unrated

Key Information:

Vendor: HP
Status: Info Center; Quick Launch Button
Vendor: CVE Published:; 13 December 2007

Summary

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.

References

http://www.securityfocus.com/bid/26823

vdb-entryx_refsource_BID

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

https://www.exploit-db.com/exploits/4720

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability published
Dec 13, 2007
Vulnerability Reserved
Dec 13, 2007