CVE-2007-5604
Published 2008-06-04
Priority: P345 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 11.67% (95.5th percentile)
Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5605, CVE-2007-5606, and CVE-2007-5607.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | instant_support | <= 1.0.0.23 | — |
| hp | instant_support | — | — |
GHSA
GHSA-f7cf-4vwj-vvw2: Buffer overflow in the RegistryString function in the HPISDataManagerLib
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-5607 [HIGH] CWE-94 GHSA-f7cf-4vwj-vvw2: Buffer overflow in the RegistryString function in the HPISDataManagerLib
Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606.
GHSA
GHSA-f469-v24c-6rxv: Buffer overflow in the ExtractCab function in the HPISDataManagerLib
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-5604 [CRITICAL] CWE-94 GHSA-f469-v24c-6rxv: Buffer overflow in the ExtractCab function in the HPISDataManagerLib
Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5605, CVE-2007-5606, and CVE-2007-5607.
GHSA
GHSA-5f85-8p5w-q6v9: Buffer overflow in the MoveFile function in the HPISDataManagerLib
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-5606 [HIGH] GHSA-5f85-8p5w-q6v9: Buffer overflow in the MoveFile function in the HPISDataManagerLib
Buffer overflow in the MoveFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5607.
GHSA
GHSA-r9rr-8ghm-9j5g: Buffer overflow in the GetFileTime function in the HPISDataManagerLib
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-5605 [HIGH] GHSA-r9rr-8ghm-9j5g: Buffer overflow in the GetFileTime function in the HPISDataManagerLib
Buffer overflow in the GetFileTime function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5606, and CVE-2007-5607.
No detection rules found.
Exploit-DB
Microsoft Excel - FEATHEADER Record (MS09-067)
exploitdb·2010-08-21·CVSS 7.8
CVE-2009-3129 [HIGH] Microsoft Excel - FEATHEADER Record (MS09-067)
---
#MS Excel Malformed FEATHEADER Record Exploit
#CVE-2009-3129, MS09-067, OSVDB-59860
#Vulnerable application MS Office 2003/2007
#Tested on XP SP2 - MS Office 2003 v. 11.5604.5606
#Sean Larsson - Original Discovery
#!/usr/bin/python
import sys
import zlib
#Allwin WinExec cmd.exe + ExitProcess Shellcode - 195 bytes by RubberDuck =)
Exploit-DB
HP Instant Support 1.0.22 - 'HPISDataManager.dll ExtractCab' ActiveX Control Buffer Overflow
exploitdb·2008-06-03
CVE-2007-5604 HP Instant Support 1.0.22 - 'HPISDataManager.dll ExtractCab' ActiveX Control Buffer Overflow
---
source: https://www.securityfocus.com/bid/29529/info
HP Instant Support 'HPISDataManager.dll' ActiveX control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
HP Instant Support 1.0.0.22 and earlier versions are affected.
NOTE: This issue was previously covered in BID 29526 (HP Instant Support 'HPISDataManager.dll' ActiveX Control Unspecified Code Execution Vulnerabilities), but has been given its own
No writeups or analysis indexed.
References
http://secunia.com/advisories/30516
http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf
http://www.kb.cert.org/vuls/id/754403
http://www.securityfocus.com/bid/29526
http://www.securitytracker.com/id?1020165
http://www.vupen.com/english/advisories/2008/1740/references
http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264
https://exchange.xforce.ibmcloud.com/vulnerabilities/42844
Published: 2008-06-04