Signature Detail

HTTP: HP Software Update Tool ActiveX Control File Overwrite

This signature detects attempts to exploit an arbitrary file overwrite vulnerability in the HP Software Update, shipped with many HP systems. It is due to a design weakness in an ActiveX component that is used to download patches and updates for the HP software. A remote attacker can persuade a target user to open a malicious Web page to overwrite sensitive files on the local system's file system and potentially corrupt the operating system, and/or execute arbitrary code on the system with privileges of the logged in user. The target computer can lose its function partially or entirely, depending on the specific files that are corrupted in an attack. Reinstallation of operating system can be required to restore the function of the target system. If the attack leads to code execution, the behavior of the target depends on the intention of the attacker. Any injected code is executed within the security context of the currently logged in user.

Extended Description

HP Software Update 'RulesEngine.dll' ActiveX control is prone to multiple vulnerabilities that attackers can exploit to overwrite arbitrary user files and SYSTEM files. The issues stem from insecure methods used within 'RulesEngine.dll'. An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious HTML page. Successfully exploiting these issues allows remote attackers to overwrite arbitrary user files as well as critical SYSTEM files, which can prevent the computer from restarting. HP Software Update 3.0.8.4 with 'RulesEngine.dll' ActiveX control 1.0 is vulnerable; other versions may also be affected. Note that multiple HP laptop models ship with this software.

Affected Products

• HP Software Update 3.0.8.4

References

• BugTraq: 26950
• CVE: CVE-2007-6506