Information Disclosure in HP Quick Launch Button by HP Info Center
CVE-2007-6333

Currently unrated

Key Information:

Vendor: HP
Status: Info Center; Quick Launch Button
Vendor: CVE Published:; 13 December 2007

Summary

The HPInfoDLL.HPInfo.1 ActiveX control, present in HP Info Center versions prior to 1.0.1.1, contains a security flaw that permits remote attackers to access arbitrary registry values through crafted input to the GetRegValue method. This vulnerability potentially exposes sensitive information stored in the Windows registry, leading to a risk of further exploitation.

References

http://www.securityfocus.com/bid/26823

vdb-entryx_refsource_BID

http://h20000.www2.hp.com/bizsupport/TechSupport/Document...

vendor-advisoryx_refsource_HP

https://www.exploit-db.com/exploits/4720

exploitx_refsource_EXPLOIT-DB

EPSS Score

22% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 13, 2007
Vulnerability Reserved
Dec 13, 2007