funsec mailing list archives
Got an HP printer? Watch out....
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Fri, 29 Jun 2007 10:24:45 -0400
Hi,

A few days ago, Brian Mariani reported on a security hole in an HP ActiveX control that allows for system take-over from a malicious script on a Web page. The "safe-for-scripting" control includes a method for writing XML files on the local hard drive(!). This unsafe method can be used to drop a malware downloader .HTA script in the "All Users" start-up folder that gets run the next time a system is rebooted. More info about the bug is available here:

http://www.securityfocus.com/archive/1/472384

I actually found the same bug about 18 months ago and reported the problem right away to HP. It appears HP hasn't issued a security patch in all this time. I believe this buggy control is installed by most HP printer support software shipped since 2001 or 2002.

Turning on the kill bit for this control is a wise move.

For reasons I don't quite understand yet, IE7's ActiveX opt-in feature didn't stop Brian's POC demo from running on my home system. More investigation is required.

Richard M. Smith

P.S. There are other HP ActiveX controls with similar security problems.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
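The kill-bit mitigation Richard recommends is set through the registry. The following is an added example, not code from the post or from HP: it ORs the COMPAT_EVIL_DONT_LOAD flag (0x400) into the control's "Compatibility Flags" value under IE's ActiveX Compatibility key, covering the Wow6432Node view as well so that 32-bit IE on 64-bit Windows also honours it, and then verifies the bit is set. The CLSID used below is a placeholder: the post does not give the HP control's CLSID, so take the real one from the SecurityFocus advisory or from the registered control's HKCR\CLSID entry.

```powershell
# Added example (not from the original post): set and verify the IE ActiveX kill bit.
# Run from an elevated (Administrator) PowerShell session; IE reads the flag on next load.

$KillBit = 0x400   # COMPAT_EVIL_DONT_LOAD: IE refuses to instantiate the control

function Set-ActiveXKillBit {
    param(
        [Parameter(Mandatory)] [string] $Clsid   # e.g. '{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}'
    )
    $paths = @(
        "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid",
        # 32-bit IE on 64-bit Windows reads the WOW64-redirected view of the key
        "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    )
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
        $current = (Get-ItemProperty -Path $p -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($null -eq $current) { $current = 0 }
        # OR the kill bit in rather than overwriting, so any existing compat flags survive
        $new = $current -bor $KillBit
        Set-ItemProperty -Path $p -Name 'Compatibility Flags' -Value $new -Type DWord
    }
}

function Test-ActiveXKillBit {
    param([Parameter(Mandatory)] [string] $Clsid)
    $p = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    $flags = (Get-ItemProperty -Path $p -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    return ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
}

# PLACEHOLDER CLSID (assumption, not the real HP control GUID) - replace before use
$hpClsid = '{00000000-0000-0000-0000-000000000000}'
Set-ActiveXKillBit -Clsid $hpClsid
if (Test-ActiveXKillBit -Clsid $hpClsid) {
    "Kill bit set for $hpClsid"
} else {
    "Kill bit NOT set for $hpClsid"
}
```

The kill bit is independent of whether the control is installed or marked safe-for-scripting, which is why it is the right control for a vendor-shipped component you cannot yet patch. It only affects IE and other hosts that consult the ActiveX Compatibility key; a script host such as an .HTA already on disk is not blocked by it, so the mitigation addresses the browser-side entry point the post describes, not a dropper that has already landed.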
Current thread:
- Got an HP printer? Watch out.... Richard M. Smith (Jun 29)