ActiveX Control Vulnerability in HP Software Update
CVE-2007-6506

Currently unrated

Key Information:

Vendor: HP
Status: Software Update
Vendor: CVE Published:; 20 December 2007

Summary

The HPRulesEngine.ContentCollection.1 ActiveX Control embedded in HP Software Update versions up to 4.000.005.007, including 3.0.8.4, exposes a significant security risk. This vulnerability arises from improper handling of the SaveToFile method, enabling remote attackers to overwrite and corrupt arbitrary files on the system. Additionally, through the LoadDataFromFile method, attackers may gain unauthorized access to sensitive files. Users of affected versions should apply necessary patches to mitigate these security risks.

References

http://www.securitytracker.com/id?1019133

vdb-entryx_refsource_SECTRACK

http://blogs.zdnet.com/security/?p=768

x_refsource_MISC

http://www.securityfocus.com/archive/1/485451/100/0/threaded

vendor-advisoryx_refsource_HP

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 20, 2007
Vulnerability Reserved
Dec 20, 2007