Code Execution Vulnerability in HP Instant Support by HP
CVE-2008-0953

Currently unrated

Key Information:

Vendor: HP
Status: Instant Support
Vendor: CVE Published:; 4 June 2008

What is CVE-2008-0953?

The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll, found in HP Instant Support versions prior to 1.0.0.24, allows remote attackers to execute arbitrary programs. This can be achieved by supplying a malicious .exe filename as an argument to the function, enabling potential exploitation of the vulnerability by unauthorized users.

References

http://secunia.com/advisories/30516

third-party-advisoryx_refsource_SECUNIA

http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=...

vendor-advisoryx_refsource_HP

http://www.securityfocus.com/bid/29533

vdb-entryx_refsource_BID

EPSS Score

14% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2008
Vulnerability Reserved
Feb 25, 2008