9.3
CVE-2007-6506
- EPSS 16.35%
- Veröffentlicht 20.12.2007 23:46:00
- Zuletzt bearbeitet 16.06.2026 22:48:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hp ≫ Software Update Version <= 4.000.005.007
Hp ≫ Software Update Version3.0.8.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 16.35% | 0.966 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://blogs.zdnet.com/security/?p=768
http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818
http://it.slashdot.org/it/07/12/20/2327242.shtml
http://secunia.com/advisories/28177
http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt
http://www.securityfocus.com/archive/1/485451/100/0/threaded
http://www.securityfocus.com/archive/1/485734/100/0/threaded
http://www.securityfocus.com/bid/26950
http://www.securitytracker.com/id?1019133
http://www.vupen.com/english/advisories/2007/4271
https://exchange.xforce.ibmcloud.com/vulnerabilities/39153
https://www.exploit-db.com/exploits/4757