• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

HP HPeDiag ActiveX Control Multiple Information Disclosure and Remote Code Execution Vulnerabilities

HPeDiag ActiveX control is prone to multiple information-disclosure and remote code-execution vulnerabilities.

An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious HTML page.

Successfully exploiting these issues would allow an attacker to execute arbitrary code within the context of the application that invokes the ActiveX control (typically Internet Explorer) and to obtain sensitive information.