CVE-2008-2390

{"id": "CVE-2008-2390", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": true}]}, "published": "2008-05-21T13:24:00.000", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42249", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5511", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42249", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/5511", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument."}, {"lang": "es", "value": "Hpufunction.dll 4.0.0.1 de HP Software Update expone los m\u00e9todos inseguros (1) ExecuteAsync y (2)Execute, lo cual permite a atacantes remotos ejecutar c\u00f3digo arbitrariam0<1.2 ente a trav\u00e9s de un nombre de ruta absoluto en el primer argumeto."}], "lastModified": "2024-11-21T00:46:46.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:software_update:4.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94C701F8-ED7F-48A9-9531-14C672E72DAE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}