CVE-2008-0953

HPISDataManagerLib.Datamgr <1.0.0.24 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0953. PoCs published by Dennis Rand.

AI-analyzed exploit summary This exploit leverages an insecure method vulnerability in the HP Instant Support ActiveX control (HPISDataManager.dll) to execute arbitrary applications. The PoC uses VBScript to call the 'StartApp' method with a malicious executable path.

Description

The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dennis Rand · xmldoswindows

https://www.exploit-db.com/exploits/31876

View Code ZIP pw:eip

This exploit leverages an insecure method vulnerability in the HP Instant Support ActiveX control (HPISDataManager.dll) to execute arbitrary applications. The PoC uses VBScript to call the 'StartApp' method with a malicious executable path.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: HP Instant Support 1.0.0.22 and earlier

No auth needed

Prerequisites: Victim must have the vulnerable ActiveX control installed · Attacker must deliver the exploit via a malicious webpage or document

MITRE ATT&CK