Code Execution Vulnerability in HP Software Update from HP
CVE-2008-2390

Currently unrated

Key Information:

Vendor: HP
Status: Software Update
Vendor: CVE Published:; 21 May 2008

Summary

The hpufunction.dll file version 4.0.0.1 in HP Software Update contains vulnerabilities that allow remote attackers to execute arbitrary code. This is possible through unsafe usage of the ExecuteAsync and Execute methods, which accept unvalidated arguments. By exploiting these methods with an absolute pathname, an attacker can gain unauthorized access and control over the affected systems. It is critical for users to apply available patches or updates to mitigate potential security risks associated with this vulnerability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/42249

vdb-entryx_refsource_XF

https://www.exploit-db.com/exploits/5511

exploitx_refsource_EXPLOIT-DB

Timeline

Vulnerability published
May 21, 2008
Vulnerability Reserved
May 21, 2008