CVE-2007-3487

HP Photo Digital Imaging ActiveX Control - Arbitrary File Write via saveXMLAsFile Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3487. PoCs published by callAX.

AI-analyzed exploit summary: This exploit leverages an arbitrary file write vulnerability in hpqxml.dll 2.0.0.133 via the saveXMLAsFile method, which does not validate the file path or headers. It allows writing arbitrary data to any file on the system when triggered via a malicious webpage.

Description

Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.

Exploits (1)

exploitdb WORKING POC VERIFIED
by callAX · htmlremotewindows
https://www.exploit-db.com/exploits/4119

Classification: Working PoC 95%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: HP Digital Imaging hpqxml.dll 2.0.0.133
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37675
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35124
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2846
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/472384/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25869
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4119

Scores

EPSS 0.0877
EPSS Percentile 94.5%

Details

CWE
CWE-22
Status published
Products (1)
hp/photo_digital_imaging_activex_control 2.0.0.133
Published Jun 29, 2007
Tracked Since Feb 18, 2026