The researcher posted proof-of-concept code for the attack.
One of [the software's] ActiveX controls deployed by default by the vendor has three insecure methods that allow a malicious person to target the HP notebook machines for a remote code execution and remote registry manipulation-based attacks,” the researcher wrote.
If a victim is duped into visiting a malicious webpage, the attacker could take advantage of vulnerable ActiveX control – HPInfoDLL.dll – which could fire off the exploit.
If the victim goes to a vulnerable website, the website can invoke the ActiveX control and possibly download a trojan or a backdoor or a keylogger on the machine,” Amol Sarwate, director of the vulnerability research lab at Qualys, told SCMagazineUS.com
About 15 different series of HP and HP Compaq notebooks are affected by the bug, according to the Milw0rm post. The machines are widely used in businesses, Sarwate said.
In lieu of a patch, users should set the kill-bit for the affected ActiveX control, according to an advisory today from Secunia, which rated the vulnerability “highly critical.” Users should also avoid visiting untrusted websites, Sarwate said.
An HP spokesperson did not respond to a request for comment.
See original article on scmagazineus.com
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
