Unrated severityNVD Advisory· Published Dec 13, 2007· Updated Apr 23, 2026

CVE-2007-6331

Description

Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.

Affected products

Microfocus/Info Center
cpe:2.3:a:hp:info_center:1.0.1.1:*:*:*:*:*:*:*
Microfocus/Quick Launch Button
cpe:2.3:a:hp:quick_launch_button:*:*:*:*:*:*:*:*
Range: <=6.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/26823nvdExploit
secunia.com/advisories/28055nvdVendor Advisory
h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
securitytracker.com/idnvd
www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txtnvd
www.securityfocus.com/archive/1/484880/100/100/threadednvd
www.vupen.com/english/advisories/2007/4192nvd
exchange.xforce.ibmcloud.com/vulnerabilities/38991nvd
www.exploit-db.com/exploits/4720nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000