The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and previous versions, including 3.0.8.4, allows remote malicious users to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hp software update |
||
hp software update 3.0.8.4 |