• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

HP Software Update 'RulesEngine.dll' ActiveX Control Multiple File Overwrite Vulnerabilities

HP Software Update 'RulesEngine.dll' ActiveX control is prone to multiple vulnerabilities that attackers can exploit to overwrite arbitrary user files and SYSTEM files. The issues stem from insecure methods used within 'RulesEngine.dll'.

An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious HTML page.

Successfully exploiting these issues allows remote attackers to overwrite arbitrary user files as well as critical SYSTEM files, which can prevent the computer from restarting.

HP Software Update 3.0.8.4 with 'RulesEngine.dll' ActiveX control 1.0 is vulnerable; other versions may also be affected.

Note that multiple HP laptop models ship with this software.