Vulnerability found in HP Info Center

Dec 12, 2007 10:54 GMT
HP 530 Notebook PC is one of the laptops that come with the preinstalled software

This is bad news for HP notebook owners running Windows XP Home, Windows XP Pro, Windows 2000, Windows 2003 or Windows Vista: a vulnerability has been discovered in HP Info Center that an attacker can use to compromise an affected system or access all sorts of system details, as security company Secunia wrote in a notification published today. HP Info Center is an application pre-installed on most HP notebooks that is supposed to provide hardware and system information to its users. Secunia rated the flaw as highly critical and reported that the affected version is 1.0.1.1.

According to a post on milw0rm.com, numerous laptop models are delivered with the vulnerable software, including: HP 510/530 Notebook PC, HP Compaq 8710w/8710p, HP Compaq NC series Business Notebook PC, HP Compaq NX series Business Notebook PC and HP Compaq NW series Mobile Workstation.

A successful exploit requires that Internet Explorer be used for browsing the web. Even if another web browser is installed and used, the attacker can conduct the attack only through IE.

"Any attack vector will always begin with a try to induce remote user owning a vulnerable machine to launch the attackers controlled WWW link. If the victim uses different browser than IE attacker will probably attempt to induce to open the malicious website from within IE. After that the attack will follow automatic and without any need of interaction with the victim," the post mentioned above says.

If you're one of the affected users, you're probably looking for a way to avoid successful exploitation. One solution would be setting "the kill-bit for the affected ActiveX control", as Secunia stated. In addition, you're advised to use a browser other than Internet Explorer and wait until HP releases a patch to correct the issue.