Vulnerability in HP Customer Support Software Encourages Malicious Exploitation
According to CSIS Security Group, on June 4, 2008, customer support software that comes pre-installed in Hewlett-Packard (HP) computers provides users with default updates of HP software and drivers. But flaws in ActiveX components in HP Instant Support results in several vulnerabilities that could be exploited to evade security restrictions, allowing hackers to compromise a user's computer.
CSIS has identified eight different security flaws in the application. Of these five are rated as highly critical as they allow execution of remote code. The software versions that are vulnerable to attacks are HP Instant Support HPISDataManager.dll 22.214.171.124 and earlier. HP is, therefore, advising users to install the updated version 126.96.36.199 through its security bulletin.
The Security ...
» SPAMfighter News - 16-06-2008