SAINT CorporationSAINT:980B9CF2E0CAFB23CB3C06A9766CB3FAHP Software Update HPeDiag ActiveX Control GetXmlFromIni buffer overflow
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.3%
Added: 05/22/2008
CVE: CVE-2008-0712
BID: 28929
OSVDB: 44662
Background
HP Software Update is shipped with various kinds of HP computers to keep HP software up to date.
Problem
A buffer overflow in the **GetXmlFromIni** method of the HPeDiag ActiveX control allows command execution when a user loads a web page which reads a specially crafted **ini** file.
Resolution
Upgrade to version 4.000.010.008 or higher as described in HPSBGN02333 SSRT080031.
References
<http://secunia.com/advisories/29966/>
Limitations
Exploit works on HP Software Update 3.0.2.991 (HPeDiag.dll 1.0.11.0) and requires the user to load the exploit page in Internet Explorer.
Before the exploit can succeed, you must place the exploit.ini file on an SMB share which is accessible from the target computer. To do this, download the /exploit.ini file from the exploit server and place it on the share.
Due to large memory allocation by the exploit script on the target, at least 768MB virtual memory needs to be available on the target.
Platforms
Windows
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.3%