Unrated severityNVD Advisory· Published Dec 20, 2007· Updated Apr 23, 2026

CVE-2007-6506

Description

The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 4.000.005.007 and earlier, including 3.0.8.4, allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.

Affected products

Microfocus/Software Update2 versions
cpe:2.3:a:hp:software_update:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hp:software_update:*:*:*:*:*:*:*:*range: <=4.000.005.007
- cpe:2.3:a:hp:software_update:3.0.8.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/26950nvdExploit
secunia.com/advisories/28177nvdVendor Advisory
www.vupen.com/english/advisories/2007/4271nvdVendor Advisory
blogs.zdnet.com/security/nvd
computerworld.com/action/article.donvd
it.slashdot.org/it/07/12/20/2327242.shtmlnvd
www.anspi.pl/~porkythepig/hp-issue/wyfukanyszynszyl.txtnvd
www.securityfocus.com/archive/1/485451/100/0/threadednvd
www.securityfocus.com/archive/1/485734/100/0/threadednvd
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/39153nvd
www.exploit-db.com/exploits/4757nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.023
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000