Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Advisories

Advisories

HP Notebook Owners in Danger! Both Windows XP and Windows Vista Affected!

Vulnerability found in HP Info Center

By Bogdan Popa, Security and Search Engines Editor

12th of December 2007, 10:54 GMT

Adjust text size:


HP 530 Notebook PC is one of the laptops that come with the preinstalled software
Enlarge picture
This could be only bad news for the HP notebook owners who are using Windows XP Home, Windows XP Pro, Windows 2000, Windows 2003 or Windows Vista: a vulnerability was discovered in HP Info Center, which can be used by an attacker to compromise
an affected system or access all sorts of system details, as security company Secunia wrote in a notification published today. HP Info Center is an application pre-installed on most HP notebooks and is supposed to provide hardware and system information to its users. Secunia rated the flaw as highly critical and informed the affected version is 1.0.1.1.

According to a post on milw0rm.com, numerous laptop models are delivered with the vulnerable solution, including: HP 510/530 Notebook PC, HP Compaq 8710w/8710p, HP Compaq NC series Business Notebook PC, HP Compaq NX series Business Notebook PC and HP Compaq NW series Mobile Workstation.

In order to conduct a successful exploit, Internet Explorer has to be used for browsing the web. In case another web browser is installed and used, the attacker can conduct the attack only through IE.

"Any attack vector will always begin with a try to induce remote user owning a vulnerable machine to launch the attackers controlled WWW link. If the victim uses diffrent browser than IE attacker will probably attempt to induce to open the malicious webstite from within IE. After that the attack will follow automatic and without any need of interaction with the victim", it is said in the post mentioned above.

In case you're one of the affected users, you're probably looking for the solution to avoid a successful exploitation. Well, one solution would be setting "the kill-bit for the affected ActiveX control", as Secunia stated. In addition, you're advised to use other browser than Internet Explorer and wait until HP releases a patch to correct the issue.

TAGS:

 hp | security | vulnerability | flaw


Rating:
Good (3.0/5) 4 vote(s) so far    

Read by 1,674 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Top International Linux Security Certification Goes to HP

HP Buys Software Development Firm

Thin Client Computing Attracts HP

HP to Take Over Bull

New HP Laser Printers

HP Gaming PC with AVG Pre-Installed

User opinions:


Comment #1 by: Eric on 12 Dec 2007, 16:48 GMT reply to this comment

It would be helpful if Softpedia show the date that these articles are posted/published


Comment #2 by: Jan on 12 Dec 2007, 22:08 GMT reply to this comment

@eric - it actually shows the date, just under "TAGS"...
but yeah, it's kind of difficult to spot. :)

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive