HP Software Update HPRulesEngine.ContentCollection ActiveX (RulesEngine.dll) Multiple Insecure Methods

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that allows reading and
writing of arbitrary files.

Description :

The remote host contains the HP Software Update software, installed by
default on many HP notebooks to support automatic software updates and
vulnerability patching.

The version of this software on the remote host includes an ActiveX
control, 'RulesEngineLib', that reportedly contains two insecure
methods - 'LoadDataFromFile()' and 'SaveToFile()' - that are marked as
'Safe for Scripting' and allow for reading and overwriting arbitrary
files on the affected system. If a remote attacker can trick a user
on the affected host into visiting a specially crafted web page, this
issue could be leveraged to effectively destroy arbitrary files on the
remote host, potentially even files that are vital for its operation,
or to read the contents of arbitrary files.

See also :

http://www.securityfocus.com/archive/1/485325/30/0/threaded
http://www.securityfocus.com/advisories/13673

Solution :

Either use HP Software Update itself to update the software or disable
use of this ActiveX control from within Internet Explorer by setting
its kill bit.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 29747 (hp_update_rulesengine_activex_insecure.nasl)

Bugtraq ID: 26950

CVE ID: CVE-2007-6506

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now