CVE-2007-6513

HP eSupportDiagnostics ActiveX control <1.0.11.0 - Info Disclosure

Title source: llm

Description

HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Elazar Broad · htmlremotewindows

https://www.exploit-db.com/exploits/30920

View Code ZIP pw:eip

References (4)

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0470.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26967

[Various Sources] http://www.heise-security.co.uk/news/100934

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39156

Scores

EPSS 0.0852

EPSS Percentile 92.4%

Details

CWE

CWE-200

Status published

Products (1)

hp/esupportdiagnostics 1.0.11.0

Published Dec 21, 2007

Tracked Since Feb 18, 2026