SecuMania Security Portal - HP Instant Support 'HPISDataManager.dll' 'MoveFile' ActiveX Control Buffer Overflow Vulnerability

Members Login

Rss Feeds

Get our latest content via RSS feeds.

Report a Vulnerability

Report a vulnerability or exploit that you have found to SecuMania.
vul[at]SecuMania.org

thanks

Basics of the One-Time-Pad

莆田SEO www.0594seo.com.cn 莆田SEM搜索引擎优化营销 www.ptsem.org.cn

Realsecure CGI Attack Subversion Vulnera...

hi webmaster,plz help me to find any information about account harvesting and traversal path attack ...

AR-Blog Comment HTML Injection Vulnerabi...

[…] self-propagating malware in the first place. Share this post: email it! | bookmark it! | digg ...

INDEXU <= 5.0.1 (admin_template_path) Re...

Hello Webmasters My name is Nikolai. I am making an organization for the protection internet users f...

Advanced Image Hosting (AIH) 2.1 Remote ...

good job you are the best . mgharba talmout :d

Online Rental Property Script <= 4.5 (pi...

Hello, The reported problem has been fixed. Regards, Catalina Danila Online Rent Customer Supp...

netOffice Dwins Authentication Bypass Vu...

Not Vulnerable: Luis Wang netOffice Dwins 1.3.1 visit website http://netofficedwins .sourceforge.ne...

BM Classifieds <= 20080409 Multiple SQL ...

Current version of script corrected. Security patch available to registered users in the user foru...

Nukedit 4.9.x Remote Create Admin Exploi...

But i think to protect the password is not needed because it's not used in the SQL-Execute statement...

Packet Storm

Packet Storm Last 10 Exploits

Packet Storm Last 10 Advisories

Packet Storm Last 10 Tools

Packet Storm Last 10 Miscellaneous Files

Packet Storm Headlines

Visits today:	567
Visits yesterday:	911
Visits month:	19661
Visits total:	65969
Pages total:	930399

HP Instant Support 'HPISDataManager.dll' 'MoveFile' ActiveX Control Buffer Overflow Vulnerability

Wednesday, 04 June 2008

HP Instant Support \'HPISDataManager.dll\' \'MoveFile\' ActiveX Control Buffer Overflow Vulnerability
Class:	Boundary Condition Error
CVE:	CVE-2007-5606
Remote:	Yes
Local:	No
Published:	Jun 04 2008 12:00AM
Updated:	Jun 04 2008 12:00AM
Credit:	Dennis Rand
Vulnerable:	HP Instant Support 1.0 22
Not Vulnerable:	HP Instant Support 1.0 24
Description:	HP Instant Support 'HPISDataManager.dll' ActiveX control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions. HP Instant Support 1.0.0.22 and earlier versions are affected. This issue was originally described in BID 29526 (HP Instant Support 'HPISDataManager.dll' ActiveX Control Unspecified Code Execution Vulnerabilities). Due to the availability of new information, this issue is being assigned a new individual BID.
Exploit:	To exploit this issue, an attacker must entice an unsuspecting user to view a malicious web document. The following proof-of-concept is available: HP-Instant-Support-'HPISDataManager.dll'-'MoveFile'-ActiveX-Control-Buffer-Overflow-Vulnerability-29532.html
Solution:	The vendor released fixes to address this issue. Please see the references for more information.
References:	HP Instant Support Home Page (HP ) Microsoft support document 240797 (Microsoft) Advisory - HP Online Support Service ActiveX multiple vulnerabilities (CSIS Security Research and Intelligence)
Source:	Securityfocus