SecuMania Security Portal - RETIRED: HP Instant Support 'HPISDataManager.dll' ActiveX Control Unspecified Code Execution

Members Login

Rss Feeds

Get our latest content via RSS feeds.

Report a Vulnerability

Report a vulnerability or exploit that you have found to SecuMania.
vul[at]SecuMania.org

thanks

Basics of the One-Time-Pad

莆田SEO www.0594seo.com.cn 莆田SEM搜索引擎优化营销 www.ptsem.org.cn

Realsecure CGI Attack Subversion Vulnera...

hi webmaster,plz help me to find any information about account harvesting and traversal path attack ...

AR-Blog Comment HTML Injection Vulnerabi...

[…] self-propagating malware in the first place. Share this post: email it! | bookmark it! | digg ...

INDEXU <= 5.0.1 (admin_template_path) Re...

Hello Webmasters My name is Nikolai. I am making an organization for the protection internet users f...

Advanced Image Hosting (AIH) 2.1 Remote ...

good job you are the best . mgharba talmout :d

Online Rental Property Script <= 4.5 (pi...

Hello, The reported problem has been fixed. Regards, Catalina Danila Online Rent Customer Supp...

netOffice Dwins Authentication Bypass Vu...

Not Vulnerable: Luis Wang netOffice Dwins 1.3.1 visit website http://netofficedwins .sourceforge.ne...

BM Classifieds <= 20080409 Multiple SQL ...

Current version of script corrected. Security patch available to registered users in the user foru...

Nukedit 4.9.x Remote Create Admin Exploi...

But i think to protect the password is not needed because it's not used in the SQL-Execute statement...

Packet Storm

Packet Storm Last 10 Exploits

Packet Storm Last 10 Advisories

Packet Storm Last 10 Tools

Packet Storm Last 10 Miscellaneous Files

Packet Storm Headlines

Visits today:	572
Visits yesterday:	911
Visits month:	19666
Visits total:	65974
Pages total:	930440

RETIRED: HP Instant Support 'HPISDataManager.dll' ActiveX Control Unspecified Code Execution

Tuesday, 03 June 2008

RETIRED: HP Instant Support \'HPISDataManager.dll\' ActiveX Control Unspecified Code Execution
Class:	Unknown
CVE:	CVE-2007-5604 CVE-2007-5606 CVE-2007-5607 CVE-2007-5608 CVE-2007-5610 CVE-2008-0952 CVE-2008-0953 CVE-2007-5605
Remote:	Yes
Local:	No
Published:	Jun 03 2008 12:00AM
Updated:	Jun 04 2008 06:53PM
Credit:	Dennis Rand
Vulnerable:	HP Instant Support 1.0 22
Not Vulnerable:	HP Instant Support 1.0 24
Description:	HP Instant Support 'HPISDataManager.dll' ActiveX control is prone to multiple unspecified vulnerabilities that allow remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions. HP Instant Support 1.0.0.22 and earlier versions are affected. NOTE: This BID is being retired; the following individual records have been created to better document the issues: 29529 HP Instant Support 'HPISDataManager.dll' 'ExtractCab' ActiveX Control Buffer Overflow Vulnerability 29530 HP Instant Support ActiveX Control in 'HPISDataManager.dll' Arbitrary File Download Vulnerability 29531 HP Instant Support 'HPISDataManager.dll' 'GetFileTime' ActiveX Control Buffer Overflow Vulnerability 29532 HP Instant Support 'HPISDataManager.dll' 'MoveFile' ActiveX Control Buffer Overflow Vulnerability 29533 HP Instant Support 'HPISDataManager.dll' 'StartApp' ActiveX Control Insecure Method Vulnerability 29534 HP Instant Support 'HPISDataManager.dll' 'RegistryString' Buffer Overflow Vulnerability 29535 HP Instant Support 'HPISDataManager.dll' ActiveX Control Arbitrary File Creation Vulnerability 29536 HP Instant Support 'HPISDataManager.dll' ActiveX Control Arbitrary File Delete Vulnerability
Exploit:	Currently SecuMania is not aware of any exploits for this issue. If you are aware of more recent information, please mail us at: vul[at]SecuMania.org.
Solution:	The vendor released fixes to address these issues. Please see the references for more information.
References:	HP Instant Support Home Page (HP ) Microsoft Knowledge Base article 240797 (Microsoft)
Source:	Securityfocus