CVE-2008-0953
published 2008-06-04CVE-2008-0953: The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to…
PriorityP352critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
8.82%
94.5th percentile
The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | instant_support | <= 1.0.0.23 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c9m8-8cfg-x353: The AppendStringToFile function in the HPISDataManagerLib
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2008-0952 [CRITICAL] GHSA-c9m8-8cfg-x353: The AppendStringToFile function in the HPISDataManagerLib
The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.
GHSA
GHSA-g6f2-vq83-q999: The StartApp function in the HPISDataManagerLib
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2008-0953 [CRITICAL] GHSA-g6f2-vq83-q999: The StartApp function in the HPISDataManagerLib
The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.
GHSA
GHSA-9xhf-xpf3-3rx2: The DownloadFile function in the HPISDataManagerLib
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-5608 [CRITICAL] GHSA-9xhf-xpf3-3rx2: The DownloadFile function in the HPISDataManagerLib
The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second argument, a different vulnerability than CVE-2008-0952 and CVE-2008-0953.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/30516http://www.csis.dk/dk/forside/CSIS-RI-0003.pdfhttp://www.kb.cert.org/vuls/id/998779http://www.securityfocus.com/bid/29526http://www.securityfocus.com/bid/29533http://www.securitytracker.com/id?1020165http://www.vupen.com/english/advisories/2008/1740/referenceshttp://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264https://exchange.xforce.ibmcloud.com/vulnerabilities/42851http://secunia.com/advisories/30516http://www.csis.dk/dk/forside/CSIS-RI-0003.pdfhttp://www.kb.cert.org/vuls/id/998779http://www.securityfocus.com/bid/29526http://www.securityfocus.com/bid/29533http://www.securitytracker.com/id?1020165http://www.vupen.com/english/advisories/2008/1740/referenceshttp://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264https://exchange.xforce.ibmcloud.com/vulnerabilities/42851
2008-06-04
Published