HP Laptops Vulnerable to Remote Code Execution
Before you run out to buy an HP laptop for someone on your Christmas list, check out the list of models that are vulnerable to a remote code execution vulnerability. The problem stems from HP's management software installed on the laptops. According to Bugtraq:
Software called "HP Info Center" is shipped with almost every HP laptop model for few years.It is designed to support user with quick system information and hardware configuration
using single button touch.
One of its ActiveX controls deployed by default by the vendor has three insecure methods
that allow a malicious person to target the HP notebook machines for a remote code execution
and remote registry manipulation based attacks.
The Register reports:
There is no patch for the flaw at the moment, so the only way to block an attack is to exercise common sense. That means not clicking on suspicious links and installing an alternative to Internet Explorer, which is required for an exploit to work. In Firefox, using the NoScript extension is preferable. Other workarounds include manually settling kill-bit for a vulnerable ActiveX control, but that seems like overkill.
For a list of vulnerable models, see the BugTraq posting.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
