HP Laptops Plagued With Multiple Zero-day Vulnerabilities
Almost 24 various notebook models retailed by Hewlett-Packard Co. (HP) shipped with a software affected by numerous zero-day flaws, security experts declared on December 12, 2007, as reported by COMPUTERWORLD on December 12, 2007.
The glitches are in an ActiveX control incorporated within the HP Info Center program preloaded on both Hewlett-Packard and Compaq-Presario brands of notebooks operating Server 2003, Vista, Windows 2000, and XP, informed Symantec Corp. in a message to the users of its DeepSight threat management system.
As per a caution placed on Milw0rm.com, the trouble originates from the HP Info Center code that exists as a default option on majority of the HP laptops. It seems that an ActiveX control, to be precise HPInfoDLL.dll, employs three vulnerable techniques that would permit cyber-terrorists to control the computer and begin strikes based on the exploitation of remote code process and remote registry. Though the Web browser of Microsoft is very insecure, but the same type of assault is supposedly unsuccessful against Safari, Firefox or Opera.
Every cyber criminal will often start with an endeavor to tempt a remote client having an insecure computer to open the hacker operated web link. Whenever the target uses a browser other than Internet Explorer (IE), the hacker tries to persuade him/her to click open the malevolent site from IE only. Afterwards, hacking follows automatically, without any contact with the target, notified the advisory reported on December 12, 2007 by PORTALIT.
The individual who detected the flaw and is known as 'porkythe pig' alleged that the ActiveX control has been dispatched with 23 other laptops and it has been proven to be executing the faulty control.
The cyber-terrorist ('porkythe pig') also took a stab at HP through the e-mails on Bugtraq and milw0rm.com. The firm is caught up in the battle for security software patents, and should pay greater attention towards customers' security instead of raking profits from the rights to the creation of the group, remarked porkythepig, reported COMPUTERWORLD on December 12, 2007.
HP for the second consecutive time in 2007 has encountered security problems with software that comes with its notebooks.
» SPAMfighter News - 26-12-2007