HTTP: HP Instant Support Unsafe ActiveX Control
This signature detects attempts to exploit a known vulnerability in HP Instant Support. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ActiveX control in hpediag.dll in HP Software Update 4.000.009.002 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors. NOTE: this might overlap CVE-2007-6513.
Affected Products
Hp software_update
Short Name
HTTP:STC:ACTIVEX:HPSUPPORT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2008-0712 Control HP Instant Support Unsafe bid:28929
Release Date
08/12/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Hp
CVSS Score
6.8