CVE-2007-6506

critical HPE
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
28.4%
Exploitation probability in 30 days
Top 3% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: December 20, 2007 (6719 days ago)
Last Modified: April 23, 2026
Vendor: HPE
Source: NVD

Description

The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.

CWE

NVD-CWE-Other

Affected Products

hp software update

References

🔗 blogs.zdnet.com 🔗 computerworld.com 🔗 it.slashdot.org 🔗 secunia.com 🔗 www.anspi.pl