CVE-2007-6333 Information

Description

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0 as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe aka QLB) 6.3 and earlier allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method.

Reference

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01300486 http://secunia.com/advisories/28055 http://securitytracker.com/id?1019086 http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txt http://www.securityfocus.com/archive/1/484880/100/100/threaded http://www.securityfocus.com/bid/26823 http://www.vupen.com/english/advisories/2007/4192 https://exchange.xforce.ibmcloud.com/vulnerabilities/38994 https://www.exploit-db.com/exploits/4720