• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RETIRED: Multiple HP Products hpqutil.dll ActiveX Control Heap Buffer Overflow Vulnerability

HP All-in-One Series Web Release and HP Photo and Imaging Gallery are prone to a heap-based buffer-overflow vulnerability because the applications fail to perform adequate boundary-checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

NOTE: This BID is being retired because the vulnerability discussed is covered in BID 25697 (Microsoft MFC Library CFileFind::FindFile Buffer Overflow Vulnerability).