CVE Vulnerability

CVE-2007-6506

The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt
http://www.securityfocus.com/bid/26950 Exploit
http://www.securitytracker.com/id?1019133
http://secunia.com/advisories/28177 Vendor Advisory
http://blogs.zdnet.com/security/?p=768
http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818
http://it.slashdot.org/it/07/12/20/2327242.shtml
http://www.vupen.com/english/advisories/2007/4271 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39153
https://www.exploit-db.com/exploits/4757
http://www.securityfocus.com/archive/1/485734/100/0/threaded
http://www.securityfocus.com/archive/1/485451/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:hp:software_update:3.0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:hp:software_update:*:*:*:*:*:*:*:*
Information

Published : 2007-12-20 11:46

Updated : 2018-10-15 09:54

NVD link : CVE-2007-6506

Mitre link : CVE-2007-6506

Products Affected
No products.
CWE
NVD-CWE-Other