HP laptops suffer exploit scare

 

Gallery

By Stuart Turton

Posted on 12 Dec 2007 at 12:07

A flaw in the software that comes bundled with HP laptops could leave user's machines vulnerable to hackers, according to exploit reporting site Milw0rm.

The posting claims that one of the ActiveX controls employed by "HP Info Center", which comes installed on the majority of HP laptops, "has three insecure methods that allow a malicious person to target the HP notebook machines for a remote code execution and remote registry manipulation based attacks."

The offending ActiveX control is identified as HPInfoDLL.dll, and the post claims that a successful exploit requires only that the laptop owner visit a malicious website, whilst using Internet Explorer. Other browsers are not affected.

Once exploited, the site claims that HP laptops are left open to remote code executions, system registry read/write access and remote shell command execution.

"HP is aware of a reported security vulnerability with the HP Quick Launch Button application," the company says in a statement.

"All potential security concerns are treated seriously and managed appropriately. As an interim solution, a security patch for the HP Quick Launch Buttons will be made available later today."

"The security patch is classified by HP as "critical" and will fully eliminate the security vulnerability but also disable the HP Info Center application and button."