HP plugs latest ActiveX software update flaw

Summary:HP has plugged another ActiveX vulnerability in its software update application.The patch (CVE-2008-0712) covers "a potential vulnerability has been identified with the HPeDiag ActiveX control which is a component of HP Software Update running under windows.

HP has plugged another ActiveX vulnerability in its software update application.

The patch (CVE-2008-0712) covers "a potential vulnerability has been identified with the HPeDiag ActiveX control which is a component of HP Software Update running under windows. The vulnerability could be exploited to allow remote disclosure of information and execution of arbitrary code."

The vulnerability affected any PC with HP Software Update v4.000.009.002 or earlier running on Windows.

Secunia rated the flaw "highly critical" and researcher Tan Chew Keong discovered the vulnerability. HP has been wrestling with ActiveX vulnerabilities in its software update feature for months.

Topics: Security, Hewlett-Packard, Software, Software Development

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.