Description
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by porkythepig · text · dos · windows
https://www.exploit-db.com/exploits/4757
References (12)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019133
Various Sources x_refsource_misc
http://blogs.zdnet.com/security/?p=768
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_hp
http://www.securityfocus.com/archive/1/485451/100/0/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28177
Various Sources x_refsource_misc
http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/4757
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39153
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4271
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26950
Various Sources x_refsource_misc
http://www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txt
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_hp
http://www.securityfocus.com/archive/1/485734/100/0/threaded
Various Sources x_refsource_misc
http://it.slashdot.org/it/07/12/20/2327242.shtml
Scores
EPSS: 0.2841
EPSS Percentile: 96.5%
Details
Status: published
Products (2)
hp/software_update 3.0.8.4
hp/software_update < 4.000.005.007
Published: Dec 20, 2007
Tracked Since: Feb 18, 2026