vendor:
HP Instant Support
by:
SecurityFocus
7.5
CVSS
HIGH
Insecure-Method Vulnerability
20
CWE
Product Name: HP Instant Support
Affected Version From: 1.0.0.22
Affected Version To: 1.0.0.22
Patch Exists: Yes
Related CWE: N/A
CPE: a:hewlett_packard:hp_instant_support
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
HP Instant Support ‘HPISDataManager.dll’ ActiveX control Insecure-Method Vulnerability
HP Instant Support 'HPISDataManager.dll' ActiveX control is prone to an insecure-method vulnerability. Successfully exploiting this issue allows remote attackers to launch arbitrary applications with the privileges of the application running the ActiveX control (typically Internet Explorer). Note that if the attacker could place a malicious executable on the system, they would be able to launch it using this vulnerability.
Mitigation:
Upgrade to the latest version of HP Instant Support.