CVE-2007-5608
published 2008-06-04CVE-2007-5608: The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote…
PriorityP339critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
3.59%
88.0th percentile
The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second argument, a different vulnerability than CVE-2008-0952 and CVE-2008-0953.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | instant_support | <= 1.0.0.23 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c9m8-8cfg-x353: The AppendStringToFile function in the HPISDataManagerLib
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2008-0952 [CRITICAL] GHSA-c9m8-8cfg-x353: The AppendStringToFile function in the HPISDataManagerLib
The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.
GHSA
GHSA-g6f2-vq83-q999: The StartApp function in the HPISDataManagerLib
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2008-0953 [CRITICAL] GHSA-g6f2-vq83-q999: The StartApp function in the HPISDataManagerLib
The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.
GHSA
GHSA-9xhf-xpf3-3rx2: The DownloadFile function in the HPISDataManagerLib
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-5608 [CRITICAL] GHSA-9xhf-xpf3-3rx2: The DownloadFile function in the HPISDataManagerLib
The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second argument, a different vulnerability than CVE-2008-0952 and CVE-2008-0953.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/30516http://www.csis.dk/dk/forside/CSIS-RI-0003.pdfhttp://www.kb.cert.org/vuls/id/949587http://www.securityfocus.com/bid/29526http://www.securityfocus.com/bid/29530http://www.securitytracker.com/id?1020165http://www.vupen.com/english/advisories/2008/1740/referenceshttp://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264https://exchange.xforce.ibmcloud.com/vulnerabilities/42850http://secunia.com/advisories/30516http://www.csis.dk/dk/forside/CSIS-RI-0003.pdfhttp://www.kb.cert.org/vuls/id/949587http://www.securityfocus.com/bid/29526http://www.securityfocus.com/bid/29530http://www.securitytracker.com/id?1020165http://www.vupen.com/english/advisories/2008/1740/referenceshttp://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264https://exchange.xforce.ibmcloud.com/vulnerabilities/42850
2008-06-04
Published