Intrusion Prevention

HP.hpqutil.ActiveX.Control.Heap.Overflow

Description

HP All-in-One Series Web Release and HP Photo and Imaging Gallery are prone to a heap based buffer overflow vulnerability because the applications fail to perform adequate boundary checks on user supplied data. By persuading a victim to visit a specially crafted Web page, a remote attacker could overflow the heap and execute arbitrary code on a victim system with the privileges of the user, or cause the victim's browser to crash.

Affected Products

HP Photo and Image Gallery 1.1
HP All-in-One Series Web Release

Impact

Arbitrary code execution.

Recommended Actions

Currently we are not aware of any vendor supplied patches for this issue.

CVE References

CVE-2007-4916