Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title HP Notebook PC Quick Launch Button (QLB) Software Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access
Informations
Name HPSBGN02298 SSRT071502 First vendor Publication 2007-12-14
Vendor HP Last vendor Modification 2008-02-22
Severity (Vendor) N/A Revision 3

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A potential security vulnerability has been identified with certain versions of the HP Notebook PC Quick Launch Button (QLB) software running on Windows. The vulnerability could be exploited remotely to execute arbitrary code or to gain privileged access.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01300486

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
41879 HP Info Center HPInfoDLL.HPInfo ActiveX (hpinfocenter.exe) GetRegValue Method...
41878 HP Info Center HPInfoDLL.HPInfo ActiveX (hpinfocenter.exe) SetRegValue Method...
41877 HP Info Center HPInfoDLL.HPInfo ActiveX (hpinfocenter.exe) LaunchApp Method T...

Nessus® Vulnerability Scanner

Date Description
2007-12-18 Name : The remote Windows host has an ActiveX control that is affected by remote cod...
File : hp_hpinfodll_activex.nasl - Type : ACT_GATHER_INFO