CVE-2007-6506

Currently unrated

Key Information:

Vendor: HP
Status: Software Update
Vendor: CVE Published:; 20 December 2007

Summary

The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.

References

http://www.securitytracker.com/id?1019133

vdb-entryx_refsource_SECTRACK

http://blogs.zdnet.com/security/?p=768

x_refsource_MISC

http://www.securityfocus.com/archive/1/485451/100/0/threaded

vendor-advisoryx_refsource_HP

EPSS Score

83% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 20, 2007
Vulnerability Reserved
Dec 20, 2007