D
DelJo63
December 12, 2007 (Computerworld) -- Nearly two-dozen different laptop models sold by Hewlett-Packard Co. ship with software plagued with multiple zero-day vulnerabilities, security researchers said today.
"One of its ActiveX controls deployed by default by the vendor has three insecure methods that allow a malicious person to target the HP notebook machines for a remote code execution- and remote registry manipulation-based attacks," said a researcher using the alias "porkythepig" in posts to both milw0rm.com and the Bugtraq security mailing list.
The posts spelled out the vulnerabilities and included proof-of-concept exploit code.
Symantec recommended that users set the "kill bit" on the ActiveX control until HP produces a patch;
here's the original article
"One of its ActiveX controls deployed by default by the vendor has three insecure methods that allow a malicious person to target the HP notebook machines for a remote code execution- and remote registry manipulation-based attacks," said a researcher using the alias "porkythepig" in posts to both milw0rm.com and the Bugtraq security mailing list.
The posts spelled out the vulnerabilities and included proof-of-concept exploit code.
Symantec recommended that users set the "kill bit" on the ActiveX control until HP produces a patch;
here's the original article