Vulnerability Description
The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Info Center | 1.0.1.1 |
| Hp | Quick Launch Button | <= 6.3 |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01300486
- http://secunia.com/advisories/28055Vendor Advisory
- http://securitytracker.com/id?1019086
- http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txtExploit
- http://www.securityfocus.com/archive/1/484880/100/100/threaded
- http://www.securityfocus.com/bid/26823Exploit
- http://www.vupen.com/english/advisories/2007/4192Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38994
- https://www.exploit-db.com/exploits/4720
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01300486
- http://secunia.com/advisories/28055Vendor Advisory
- http://securitytracker.com/id?1019086
- http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txtExploit
- http://www.securityfocus.com/archive/1/484880/100/100/threaded
- http://www.securityfocus.com/bid/26823Exploit
FAQ
What is CVE-2007-6332?
CVE-2007-6332 is a vulnerability with a CVSS score of 9.3 (HIGH). The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, on Microsoft Wi...
How severe is CVE-2007-6332?
CVE-2007-6332 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6332?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Info Center, Hp Quick Launch Button.