Vulnerability Description
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HP | Software Update | <= 4.000.005.007 |
References
- http://blogs.zdnet.com/security/?p=768
- http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=90
- http://it.slashdot.org/it/07/12/20/2327242.shtml
- http://secunia.com/advisories/28177 (Vendor Advisory)
- http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt
- http://www.securityfocus.com/archive/1/485451/100/0/threaded
- http://www.securityfocus.com/archive/1/485734/100/0/threaded
- http://www.securityfocus.com/bid/26950 (Exploit)
- http://www.securitytracker.com/id?1019133
- http://www.vupen.com/english/advisories/2007/4271 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39153
- https://www.exploit-db.com/exploits/4757
FAQ
What is CVE-2007-6506?
CVE-2007-6506 is a vulnerability with a CVSS score of 9.3 (HIGH). The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbit...
How severe is CVE-2007-6506?
CVE-2007-6506 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-6506?
Check the references section above for vendor advisories and patch information. Affected products include: HP Software Update.