HP Software Update HPRulesEngine.ContentCollection ActiveX (RulesEngine.dll) Multiple Insecure Methods

high Nessus Plugin ID 29747

Synopsis

The remote Windows host has an ActiveX control that allows reading and writing of arbitrary files.

Description

The remote host contains the HP Software Update software, installed by default on many HP notebooks to support automatic software updates and vulnerability patching.

The version of this software on the remote host includes an ActiveX control, 'RulesEngineLib', that reportedly contains two insecure methods - 'LoadDataFromFile()' and 'SaveToFile()' - that are marked as 'Safe for Scripting' and allow for reading and overwriting arbitrary files on the affected system. If a remote attacker can trick a user on the affected host into visiting a specially crafted web page, this issue could be leveraged to effectively destroy arbitrary files on the remote host, potentially even files that are vital for its operation, or to read the contents of arbitrary files.

Solution

Either use HP Software Update itself to update the software or disable use of this ActiveX control from within Internet Explorer by setting its kill bit.

See Also

https://www.securityfocus.com/archive/1/485325/30/0/threaded

http://www.securityfocus.com/advisories/13673

Plugin Details

Severity: High

ID: 29747

File Name: hp_update_rulesengine_activex_insecure.nasl

Version: 1.18

Type: local

Agent: windows

Family: Windows

Published: 12/23/2007

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:hp:software_update

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/21/2007

Reference Information

CVE: CVE-2007-6506

BID: 26950