CVE-2007-6331

critical HPE
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
6.9%
Exploitation probability in 30 days
Top 9% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: December 13, 2007 (6726 days ago)
Last Modified: April 23, 2026
Vendor: HPE
Source: NVD

Description

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.

CWE

CWE-22

Affected Products

hp info centerhp quick launch button

References

🔗 h20000.www2.hp.com 🔗 secunia.com 🔗 securitytracker.com 🔗 www.anspi.pl 🔗 www.securityfocus.com