CVE-2007-3554 - Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Suppo

CVE-2007-3554

Summary

Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function.

References

Vulnerable Configurations

cpe:2.3:a:hp:instant_support:*:*:*:*:*:*:*:*
cpe:2.3:a:hp:instant_support:*:*:*:*:*:*:*:*

CVSS

Base:	7.6 (as of 15-10-2018 - 21:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:N/C:C/I:C/A:C

refmap via4

bid	24730
bugtraq	20070703 Buffer overflow in HP Instant Support Driver Check (SDD) ActiveX control
hp	HPSBPI02228 SSRT071404
misc	http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Exploits&argument=Remote&topic=1183360239.ff.php&page=last
osvdb	37832
sectrack	1018331
secunia	25918
vupen	ADV-2007-2413
xf	hp-instantsupport-drivercheck-bo(35228)

Last major update

15-10-2018 - 21:29

Published

04-07-2007 - 15:30

Last modified

15-10-2018 - 21:29