Remote File Creation Vulnerability in HP Instant Support ActiveX Control
CVE-2008-0952

Currently unrated

Key Information:

Vendor: HP
Status: Instant Support
Vendor: CVE Published:; 4 June 2008

Summary

A vulnerability exists in the AppendStringToFile function within the HPISDataManagerLib.Datamgr ActiveX control in HP Instant Support versions prior to 1.0.0.24. This flaw enables remote attackers to generate files containing arbitrary content on the affected system by manipulating the full pathname and content through crafted parameters. This can lead to unauthorized file creation, impacting the integrity and confidentiality of system data.

References

http://secunia.com/advisories/30516

third-party-advisoryx_refsource_SECUNIA

http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=...

vendor-advisoryx_refsource_HP

http://www.kb.cert.org/vuls/id/190939

third-party-advisoryx_refsource_CERT-VN

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 4, 2008
Vulnerability Reserved
Feb 25, 2008