bit-tech.net

HP laptops have remote vulnerability

HP laptops have remote vulnerability

HP Notebooks - now with added security flaws as standard.

If you own an HP laptop and haven't blitzed the default install, now might be the time to do so. A post to the milw0rm.com vulnerability database contains details of a vulnerability in the software supplied by HP which can allow remote users to run arbitrary executables on your pride and joy.

The problem lies with the HP Info Center, an ActiveX based tool provided by HP for support purposes. Although the software is designed to help users fix problems they may have, it seems that it has a few bugs which could have exactly the opposite effect.

The Info Center ActiveX control is marked by default as “Safe for Scripting”, which means it is tied into Internet Explorer and has full system access.

Because the flaw lies in the HP Info Center package and not the host operating system, your system could be vulnerable whether you're running any version of Windows and even if you're fully up to date with patches and service packs.

All that is needed for a cracker to execute code on your system is for you to be lured to a malicious link in Internet Explorer – once you've clicked, your system is theirs. Users of alternative browsers such as Firefox are not thought to be at risk, especially if you use the excellent NoScript add-on.

HP has yet to comment on the vulnerability, so to protect your systems it might be a good idea to switch your browser to one that doesn't use ActiveX until such time as they acknowledge the issue and release a fix.

If you're feeling technical, milw0rm.com have all the juicy details.

Any HP users out there feeling a bit worried by this turn of events, or is everyone using Firefox or Opera? Let us know via the forums.

6 Comments

Discuss in the forums Reply
proxess 13th December 2007, 14:55 Quote
Where's the link to Firefox?!?! Tho I own an Asus, I obviously stripped my windows clean... clean off the system!
kenco_uk 13th December 2007, 15:29 Quote
I think I took this off mine
TreeDude 13th December 2007, 20:47 Quote
The first thing any laptop owner should do is get rid of all the manufacturers crappy bloatware. Or do a fresh install themselves. Though I suppose most people are not that savy and probably think that stuff needs to be there. I work in an IT dept and have had a few people come to us with new laptops so we can make sure everything is ok with it and install any apps we feel are essential. Usually we clean it out and install spybot, spyblaster, and AVG (if they didn't buy an antivirus).
C-Sniper 13th December 2007, 22:27 Quote
I have Slackware running on my HP laptop so no problems here! :)
DXR_13KE 13th December 2007, 22:57 Quote
Quote:
Originally Posted by proxess
Where's the link to Firefox?!?! Tho I own an Asus, I obviously stripped my windows clean... clean off the system!

what is that thing called windows xp in that ntfs partition over there? must be bad porn....
leexgx 13th December 2007, 23:13 Quote
http://www.opera.com (has all you need in one / Full propper muti tab support {allso remembers last opended tabs})
http://www.firefox.com (just add No-name script more questons but very safe)
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums