This morning while choking down the morning coffee I noticed that HP notebooks have a fly in the ointment. It turns out that software that ships on the laptops has an ActiveX control that can enable a remote attack.
From milw0rm:
Multiple Hewlett-Packard notebook series are prone to a remote code execution attack. The manufacturer’s preinstalled software contains a critical flaw within the software built to support one-touch button quick feature access.
Overview:
Software called “HP Info Center” is shipped with almost every HP laptop model for a few years. It is designed to support the user with quick system information and hardware configuration using a single button touch. One of its ActiveX controls deployed by default by the vendor has three insecure methods that allow a malicious person to target the HP notebook machines for a remote code execution and remote registry manipulation based attacks.
Impact:
Remote code execution
Remote system registry read/write access
Remote shell command execution
For the full advisory read on.