December 12, 2007 (Computerworld) -- Nearly two-dozen different laptop models sold by Hewlett-Packard Co. ship with software plagued with multiple zero-day vulnerabilities, security researchers said today.

"One of its ActiveX controls deployed by default by the vendor has three insecure methods that allow a malicious person to target the HP notebook machines for a remote code execution- and remote registry manipulation-based attacks," said a researcher using the alias "porkythepig" in posts to both milw0rm.com and the Bugtraq security mailing list.

The posts spelled out the vulnerabilities and included proof-of-concept exploit code.

Symantec recommended that users set the "kill bit" on the ActiveX control until HP produces a patch;

here's the original article