Lucene search

CertccCVE-2008-0952

HistoryJun 04, 2008 - 8:32 p.m.

CVE-2008-0952

2008-06-0420:32:00

certcc

web.nvd.nist.gov

cve-2008-0952

hp instant support

hpisdatamanager.dll

activex control

remote attackers

file creation

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.196

Percentile

96.3%

JSON

The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.

Affected configurations

Nvd

Node

hpinstant_supportRange≤1.0.0.23

VendorProductVersionCPE
hpinstant_support*cpe:2.3:a:hp:instant_support:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	instant_support	*	cpe:2.3:a:hp:instant_support::::::::

References

secunia.com/advisories/30516

www.csis.dk/dk/forside/CSIS-RI-0003.pdf

www.kb.cert.org/vuls/id/190939

www.securityfocus.com/bid/29526

www.securityfocus.com/bid/29535

www.securitytracker.com/id?1020165

www.vupen.com/english/advisories/2008/1740/references

www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264

exchange.xforce.ibmcloud.com/vulnerabilities/42834

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.196

Percentile

96.3%

JSON

Related for CVE-2008-0952