ISS X-Force Database: hpsoftware-rulesengine-file-overwrite(39153): HP Software Update HPRulesEngine.ContentCollection.1 ActiveX control file overwrite

HP Software Update HPRulesEngine.ContentCollection.1 ActiveX control file overwrite

hpsoftware-rulesengine-file-overwrite (39153)

Medium Risk

Description:

The HP Software Update HPRulesEngine.ContentCollection.1 ActiveX control (RulesEngine.dll) could allow a remote attacker to overwrite arbitrary files on the system. By persuading a victim to visit a malicious Web site that passes a specially-crafted argument to the SaveToFile() method, an attacker could exploit this vulnerability to overwrite and corrupt system kernel files rendering the remote machine unresponsive.

Platforms Affected:

HP, Software Update 3.0.8.4
Microsoft, Internet Explorer 6
Microsoft, Internet Explorer 7
Microsoft, Windows Vista
Microsoft, Windows XP Home
Microsoft, Windows XP Professional

Remedy:

Refer to HPSBGN02301 SSRT071508 rev.2 for patch, upgrade, or suggested workaround information. See References.

Consequences:

File Manipulation

References:

BugTraq Mailing List, Fri Dec 21 2007 - 16:12:41 CST , HPSBGN2301 SSRT071508 rev.1 - HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access at http://archives.neohapsis.com/archives/bugtraq/2007-12/0274.html.
BugTraq Mailing List, Wed Dec 19 2007 - 14:39:51 CST, HP laptops Software Update tool vulnerability at http://archives.neohapsis.com/archives/bugtraq/2007-12/0248.html.
HPSBGN02301 SSRT071508 rev.2, HP Software Update Running on Windows, Remote Execution of Arbitrary Code, Gain Privileged Access at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01311918&jumpid=reg_R1002_USEN.
BID-26950: HP Software Update 'RulesEngine.dll' ActiveX Control Multiple File Overwrite Vulnerabilities
CVE-2007-6506: The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
SA28177: HP Software Update ContentCollection Class ActiveX Control Insecure Method
SECTRACK ID: 1019133: HP Software Update ActiveX Control Has Unsafe Method That Lets Remote Users Damage Files or Execute Arbitrary Code
VUPEN/ADV-2007-4271: HP Software Update ActiveX Control Code Execution and File Corruption

Reported:

Dec 19, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page