CVE-2007-6331

critical

Description

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.

References

https://www.exploit-db.com/exploits/4720

https://exchange.xforce.ibmcloud.com/vulnerabilities/38991

http://www.vupen.com/english/advisories/2007/4192

http://www.securityfocus.com/archive/1/484880/100/100/threaded

http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txt

http://securitytracker.com/id?1019086

http://secunia.com/advisories/28055

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01300486

Details

Source: Mitre, NVD

Published: 2007-12-13

Updated: 2018-10-15

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical