• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

HP Instant Support 'HPISDataManager.dll' ActiveX Control Arbitrary File Download Vulnerability

HP Instant Support ActiveX control in 'HPISDataManager.dll' is prone to a vulnerability that lets attackers download arbitrary files.

Attackers may exploit this issue by enticing victims into visiting a maliciously crafted webpage.

Successful exploits will allow remote attackers to download files from arbitrary locations to the affected computer. The attacker can also specify arbitrary download locations on the target system.

NOTE: This issue was previously covered in BID 29526 (HP Instant Support 'HPISDataManager.dll' ActiveX Control Unspecified Code Execution Vulnerabilities), but has been given its own record because of new information.