Vulnerability in HP Customer Support Software Encourages Malicious Exploitation
According to CSIS Security Group, on June 4, 2008, customer support software that comes pre-installed in Hewlett-Packard (HP) computers provides users with default updates of HP software and drivers. But flaws in ActiveX components in HP Instant Support results in several vulnerabilities that could be exploited to evade security restrictions, allowing hackers to compromise a user's computer.
CSIS has identified eight different security flaws in the application. Of these five are rated as highly critical as they allow execution of remote code. The software versions that are vulnerable to attacks are HP Instant Support HPISDataManager.dll 220.127.116.11 and earlier. HP is, therefore, advising users to install the updated version 18.104.22.168 through its security bulletin.
The Security ...
» SPAMfighter News - 16-06-2008