Lucene search

CertccCVE-2007-5605

HistoryJun 04, 2008 - 8:32 p.m.

CVE-2007-5605

2008-06-0420:32:00

certcc

web.nvd.nist.gov

cve-2007-5605

hpisdatamanager.dll

activex control

buffer overflow

remote code execution

hp instant support

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.186

Percentile

96.2%

JSON

Buffer overflow in the GetFileTime function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5606, and CVE-2007-5607.

Affected configurations

Nvd

Node

hpinstant_supportRange≤1.0.0.23

VendorProductVersionCPE
hpinstant_support*cpe:2.3:a:hp:instant_support:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	instant_support	*	cpe:2.3:a:hp:instant_support::::::::

References

secunia.com/advisories/30516

www.csis.dk/dk/forside/CSIS-RI-0003.pdf

www.kb.cert.org/vuls/id/558163

www.securityfocus.com/bid/29526

www.securityfocus.com/bid/29531

www.securitytracker.com/id?1020165

www.vupen.com/english/advisories/2008/1740/references

www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264

exchange.xforce.ibmcloud.com/vulnerabilities/42845

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.186

Percentile

96.2%

JSON

Related for CVE-2007-5605