|
HP Instant Support HPISDataManager.dll ActiveX Control Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA30516
|
|
|
Release Date:
|
2008-06-04
|
|
Last Update:
|
2008-06-09
|
|
Popularity:
|
3,327 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | HP Instant Support 1.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
| | CVE reference: | CVE-2007-5604
CVE-2007-5605
CVE-2007-5606
CVE-2007-5607
CVE-2007-5608
CVE-2007-5610
CVE-2008-0952
CVE-2008-0953
|
|
Description:
Some vulnerabilities have been reported in HP Instant Support, which potentially can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
1) Some vulnerabilities are caused due to boundary errors within the "ExtractCab()", "GetFileTime()", "MoveFile()", and "RegistryString()" methods of HPISDataManager.dll. These can be exploited to cause a buffer overflow via an overly long string passed to the affected methods when a user e.g. visits a malicious web page.
2) The HPISDataManager.dll ActiveX contains the insecure methods "AppendStringToFile()", "DownloadFile()", "StartApp()", and "DeleteSingleFile()", which can be exploited to e.g. overwrite, delete, and execute arbitrary files on a user's system and download files into the location of the ActiveX component by tricking a user into visiting a malicious web page.
The vulnerabilities are reported in HP Instant Support HPISDataManager.dll version 1.0.0.22 and earlier.
Solution:
Update to version 1.0.0.24. Choose "launch an online diagnostic session" at:
http://www.hp.com/go/ispe
Provided and/or discovered by:
Dennis Rand, CSIS Security Research and Intelligence
Changelog:
2008-06-04: Updated advisory with additional information provided by CSIS Security Research and Intelligence. Added link to "Original Advisory" section.
2008-06-05: Updated vendor link. Removed dead links in "Other References" section.
2008-06-09: Added US-CERT links.
Original Advisory:
HPSBMA02326 SSRT071490:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01422264
CSIS Security Research and Intelligence:
http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf
Other References:
US-CERT VU#190939:
http://www.kb.cert.org/vuls/id/190939
US-CERT VU#221123:
http://www.kb.cert.org/vuls/id/221123
US-CERT VU#526131:
http://www.kb.cert.org/vuls/id/526131
US-CERT VU#558163:
http://www.kb.cert.org/vuls/id/558163
US-CERT VU#754403:
http://www.kb.cert.org/vuls/id/754403
US-CERT VU#857539:
http://www.kb.cert.org/vuls/id/857539
US-CERT VU#949587:
http://www.kb.cert.org/vuls/id/949587
US-CERT VU#998779:
http://www.kb.cert.org/vuls/id/998779
Extended Solution:
The "Extended Solution" section is available for Secunia customers only. Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories.
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
Today
|
New advisories:
|
24 |
|
New vulnerabilities:
|
39 |
|
Updated advisories:
|
41 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
