HP plugs latest ActiveX software update flaw

HP has plugged another ActiveX vulnerability in its software update application.

The patch (CVE-2008-0712) covers the following: "A potential vulnerability has been identified with the HPeDiag ActiveX control which is a component of HP Software Update running under Windows. The vulnerability could be exploited to allow remote disclosure of information and execution of arbitrary code."

The vulnerability affected any PC with HP Software Update v4.000.009.002 or earlier running on Windows.

Secunia rated the flaw "highly critical"; researcher Tan Chew Keong discovered the vulnerability. HP has been wrestling with ActiveX vulnerabilities in its software update feature for months.

Talkback

6 comments
  • Let's talk about one of my pet peeves..

    HP Software Updates Are Available! Download now? Why sure! Click Click denied.. You must have Administrator Access to perform this function.

    Now repeat that across around 100 users that have HP printers and no admin access that I have to support and you have a perfect cocktail of p*ss me off.

    For the love of all that's good, HP, get out of the software business. Give me a driver and go away.
    supercharlie
  • yet another reason to remove all OEM's crapware

    yet another reason to remove all OEM's crapware
    qmlscycrajg
  • So is this number 1488 for HP via ActiveX

    You know, you would think, somehow, someway, the constant security (and you know the list, HP + ActiveX is here quite often) rework, constant customer exposure, and the flat out COST of using ActiveX for their wares would at some point cause management to say "Enough!".

    This is one of the definitions of insanity, doing the same thing over and over (ActiveX fixes and throwing post sales development at the problem) and expecting a different result. Nothing ActiveX gives them can't be done in a better, more secure, more efficient way. Oh Well, I guess I will just post this again next week when HP makes the news with yet another threat vector via ActiveX in their wares.

    TripleII
    TripleII-21189418044173169409978279405827
  • HP Pavilion dv2600

    It shipped with Vista Home Premium, but I've never seen it. Upon arrival I just booted into an Ubuntu LiveCD and put a real operating system on the machine; never even saw the Windows install.

    So my HP never had this vulnerability. Do wish I'd have saved the wallpapers first though /shrug oh well.
    starcannon99022
  • RE: HP plugs latest ActiveX software update flaw

    I cannot comment!!
    lucio1978