HTTP: HP Instant Support HPISDataManager.dll Unsafe ActiveX Control
This signature detects attempts to use an unsafe ActiveX control in HP Instant Support. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
HP Instant Support ActiveX control in 'HPISDataManager.dll' is prone to a vulnerability that lets attackers download arbitrary files. Attackers may exploit this issue by enticing victims into visiting a maliciously crafted webpage. Successful exploits will allow remote attackers to download files from arbitrary locations to the affected computer. The attacker can also specify arbitrary download locations on the target system. NOTE: This issue was previously covered in BID 29526 (HP Instant Support 'HPISDataManager.dll' ActiveX Control Unspecified Code Execution Vulnerabilities), but has been given its own record because of new information.
Affected Products
Hp instant_support
Short Name
HTTP:STC:ACTIVEX:HPIS-DATA-MGR
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2007-5604 CVE-2007-5605 CVE-2007-5606 CVE-2007-5607 CVE-2007-5608 CVE-2007-5610 CVE-2008-0952 CVE-2008-0953 Control HP HPISDataManager.dll Instant Support Unsafe bid:29526 bid:29529 bid:29530 bid:29531 bid:29532 bid:29533 bid:29534 bid:29535 bid:29536
Release Date
11/05/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Hp
CVSS Score
7.5
9.3
10.0