CVE-2008-2390

HP Software Update - Code Injection

Title source: rule

Description

Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by callAX · htmlremotewindows

https://www.exploit-db.com/exploits/5511

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42249

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5511

Scores

EPSS 0.0509

EPSS Percentile 89.8%

Details

CWE

CWE-94

Status published

Products (1)

hp/software_update 4.0.0.1

Published May 21, 2008

Tracked Since Feb 18, 2026