Message-ID: <C81131AE0CE8FC48B5B3D1F888FE33A3EDBB3D@maya.csis.local>
Date: Wed, 4 Jun 2008 12:20:17 +0200
From: "Dennis Rand" <rand@...s.dk>
To: <full-disclosure@...ts.grok.org.uk>
Subject: CSIS-RI-0003: Multiple buffer overflow
	vulnerabilities in HP ActiveX

Multiple buffer overflow vulnerabilities in HP Software

 

Hewlett-Packard (HP) is the world's largest PC dealer. According to IDC,
HP shipped 14.7 million units worldwide, a 23.3 percent year-over-year
growth and a 19 percent market share. 

 

PCs and laptops from HP are often shipped with preinstalled software
running on Microsoft Windows. The software is designed so the end user
can keep drivers and HP software automatically updated. This is done
through an ActiveX plugin for Microsoft Internet Explorer.

 

CSIS have discovered multiple high-risk vulnerabilities in several parts
of that specific software. The affected components are found preinstalled
on a broad range of HP equipment but are also installed when an end user
visits the HP web page in order to access software updates such as
applications, drivers and firmware for multiple HP products.

 

We have discovered eight different vulnerabilities of which five should
be considered highly critical since they allow remote code execution.

 

At least five of these vulnerabilities have been confirmed to work in a
typical drive-by scenario. All it takes to exploit them is to lure a user
into visiting a hostile, specially crafted website. The attack could
also be delivered through SQL and HTML injection. If the system is
vulnerable, this would allow an attacker to run arbitrary code and take
complete control of the system, or at least to act with the privileges
of the logged-on user. For this scenario to work, only one of the
affected ActiveX objects needs to be installed and Active scripting
needs to be enabled in Microsoft Internet Explorer, which it is by
default.

 

The vulnerability was discovered and reported by Dennis Rand from CSIS
Security Group.

 

HP has released an advisory and update to address these vulnerabilities.


HP Instant Support HPISDataManager.dll Running on Windows, Remote
Execution of Arbitrary Code

 
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01422264

 

Technical advisory with PoC can be downloaded here:

http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf

 

