Advertisement
Promo

Security threats Toolkit

HP patches 'critical' flaw in 100 laptop models

Liam Tung ZDNet Australia

Published: 18 Dec 2007 13:30 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

HP has released a patch which disables its Info Center shortcut tool, used in 100 different HP laptop models, in an attempt to work around a design flaw.

HP has labelled the flaw "critical". It affects 15 variations of HP's Compaq Presario Notebook PC series, three in the HP 500 Notebook model series, 46 in the HP Compaq Notebook PC series, and 14 in the HP Pavilion Notebook PC series, as well as other models, according to HP's security notice.

News of the flaw was reported by a researcher using the name "porkythepig" on the Bugtraq security bulletin on 11 December. The researcher discovered that flaws in HPInfoDLL.dll — one of the ActiveX controls used within HP Info Center — could allow remote attackers to carry out a number of malicious activities.

These include installing malware, changing registry information in preparation for a more sophisticated attack, using the machine in a denial-of-service attack and stealing sensitive data from documents on the compromised machine.

For the flaw to be exploited, the user of an affected laptop would need to visit a specially crafted website.

Exploit code has been posted on vulnerability-alert site milw0rm and on SecurityFocus's Bugtraq.

CNET News.com's Robert Vamosi and ZDNet.co.uk's Tom Espiner contributed to this article.

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
18 out of 21 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:








Related Jobs

ELECTRICAL ENGINEER DAYS - to 33K

JAVA, J2EE, C++, - Machine Learning / Information Retrieval - Germany

Machine Operator / Setter

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Met will not reopen phone hack investi...

The Metropolitan Police will not reopen its investigation into alleged phone hacking by the News of the World. In a press statement delivered outside Scotland Yard on Thursday, Assistant... More

Post a comment

FUD over ChromeOS's security already?

It hasn't taken long for the security vendors to wake to the potential of Google's new ChromeOS. The potential that is, to create FUD – fear uncertainty and doubt. In a release today,... More

Post a comment

Feds take DDoS in their stride

The US Department of Homeland Security has said that a series of distributed denial-of-service attacks began on US government networks on 4 July. However, Amy Kudwa, deputy press... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters