Intrusion Prevention

HP.HPeDiag.ActiveX.Control.Access

Description

This indicates an attack attempt against information disclosure and remote code execution vulnerabilities of HPeDiag ActiveX control located in hpediag.dll.
A remote attacker may be able to access arbitrary files or registry keys, and possibly execute code on a vulnerable system.

Affected Products

HP hpediag.dll, version 4.000.009.002

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Update to version 4.000.010.008 using the HP Update Software.

CVE References

CVE-2008-2390 CVE-2008-0712