CyberSec.Space Logo
Back to CVE Browser

CVE-2007-5608

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1700%
EPSS Percentile20.53th
PublishedJun 4, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second argument, a different vulnerability than CVE-2008-0952 and CVE-2008-0953.

Affected Platforms (CPE)

πŸ“¦
Hp

Instant Support

<= 1.0.0.23

References & Advisories

πŸ”— http://secunia.com/advisories/30516
πŸ”— http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf
πŸ”— http://www.kb.cert.org/vuls/id/949587
πŸ”— http://www.securityfocus.com/bid/29526
πŸ”— http://www.securityfocus.com/bid/29530
πŸ”— http://www.securitytracker.com/id?1020165
πŸ”— http://www.vupen.com/english/advisories/2008/1740/references
πŸ”— http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01422264

Related Vulnerabilities

CVE-2008-095310.0

The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0....

CVE-2007-560610.0

Buffer overflow in the MoveFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Su...

CVE-2007-561010.0

The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support befor...

CVE-2007-56059.3

Buffer overflow in the GetFileTime function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant...