HP has plugged another ActiveX vulnerability in its software update application.
The patch (CVE-2008-0712) is described as follows: "A potential vulnerability has been identified with the HPeDiag ActiveX control which is a component of HP Software Update running under Windows. The vulnerability could be exploited to allow remote disclosure of information and execution of arbitrary code."
The vulnerability affected any PC with HP Software Update v4.000.009.002 or earlier running on Windows.
Secunia rated the flaw "highly critical." Researcher Tan Chew Keong discovered the vulnerability. HP has been wrestling with ActiveX vulnerabilities in its software update feature for months.