The HP Online Support Service ActiveX control, also known as HPISDataManager.dll, suffers from eight vulnerabilities. Five of them allow for arbitrary code execution. Proof of concept code included. It only took Hewlett Packard 207 days to fix this!
http://www.packetstormsecurity.org/0806-exploits/CSIS-RI-0003.pdf
--------------
HP has released HPISDataManager.dll version 1.0.0.24 to address these vulnerabilities.
No comments:
Post a Comment