HP Instant Support HPISDataManager.dll ActiveX Control < 1.0.0.24 Vulnerabilities

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has several ActiveX controls that are affected
by multiple vulnerabilities.

Description :

The remote host contains several ActiveX controls in HP Instant
Support HPISDataManager.dll, a web-based diagnostic tool from
Hewlett-Packard.

The version of the controls installed on the remote host is reportedly
affected by several issues. If an attacker can trick a user on
the affected host into viewing a specially crafted HTML document,
these issues could be used to execute arbitrary code by means of
buffer overflows or to execute, delete, download, and write to
arbitrary files on the affected system, all subject to the user's
privileges.

See also :

http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf
http://seclists.org/bugtraq/2008/Jun/29
http://seclists.org/bugtraq/2008/Jun/26

Solution :

Upgrade to HP Instant Support version 1.0.0.24 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 33095 (hpisdatamanager_activex_1_0_0_24.nasl)

Bugtraq ID: 29529, 29530, 29531, 29532, 29533, 29534, 29535, 29536

CVE ID: CVE-2007-5604, CVE-2007-5605, CVE-2007-5606, CVE-2007-5607, CVE-2007-5608, CVE-2007-5610, CVE-2008-0952, CVE-2008-0953
