HP: The ActiveX security follies continue

Fresh off a series of security problems with software included on HP laptops, the company is under the gun again, say security researchers. One common thread: HP vulnerabilities due to ActiveX issues.

The latest HP vulnerability--discovered by security researcher Elazar Broad--involves the HP Virtual Rooms Install. Virtual Rooms is a suite of online collaboration, training and support tools. Several properties are vulnerable to buffer overflows.

In his advisory, Broad writes:

HP uses an ActiveX control to install the Virtual Rooms client. Several properties including AuthenticationURL, PortalAPIURL, cabroot are vulnerable to a buffer overflow.

hpvirtualrooms14.dll version 1.0.0.100
HP Virtual Rooms Install {00000014-9593-4264-8B29-930B3E4EDCCD}
Implements IObjectSafety

Secunia rates the flaw "highly critical." The flaw can be exploited to execute arbitrary code. The flaw is unpatched.
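
With no patch available, the check an administrator would want is whether Internet Explorer's kill bit is set for the CLSID quoted in the advisory. The PowerShell below is an added example, not code from the advisory, HP or Secunia; the registry paths and the 0x400 flag are the standard Windows kill-bit mechanism, and the function names are hypothetical.

```powershell
# Added example: audit (and optionally set) the IE kill bit for the advisory's control.
$Clsid   = '{00000014-9593-4264-8B29-930B3E4EDCCD}'   # CLSID quoted in the advisory
$KillBit = 0x400                                       # "Compatibility Flags" bit that blocks loading in IE
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit registry view on 64-bit Windows; skipped when absent
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {            # hypothetical helper name
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath (Split-Path $root -Parent))) { continue }
        $key   = Join-Path $root $Clsid
        $flags = 0                     # a missing key or value means no kill bit
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
        }
        [pscustomobject]@{
            Key      = $key
            Flags    = $flags
            FlagsHex = '0x{0:X8}' -f $flags
            Blocked  = [bool]($flags -band $KillBit)
        }
    }
}

function Set-KillBit {                 # hypothetical helper name; needs an elevated session
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($state in Get-KillBitState -Clsid $Clsid) {
        if ($state.Blocked) { continue }
        if ($PSCmdlet.ShouldProcess($state.Key, 'set kill bit (0x400)')) {
            if (-not (Test-Path -LiteralPath $state.Key)) { New-Item -Path $state.Key -Force | Out-Null }
            # OR the bit in so any other compatibility flags already present are preserved
            Set-ItemProperty -LiteralPath $state.Key -Name 'Compatibility Flags' `
                -Value ($state.Flags -bor $KillBit) -Type DWord
        }
    }
}

Get-KillBitState -Clsid $Clsid | Format-Table Key, FlagsHex, Blocked -AutoSize
# Set-KillBit -Clsid $Clsid -WhatIf    # preview the change; drop -WhatIf to apply
```

The kill bit only stops hosts that honor it, such as Internet Explorer, from instantiating the control; it does not remove the vulnerable DLL.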

If all of these ActiveX problems sound familiar, that's because HP vulnerabilities spring up regularly. Last month, a Polish hacker, porkythepig, found a zero-day vulnerability in HP laptops that leaves the PC unbootable. Before that, HP confirmed a backdoor on 82 laptop models.

Can we get just a little testing at HP?

Also see Ryan Naraine's take.

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...
