ActiveX from HP enables computer takeover
HP has reported a security vulnerability in an ActiveX module in the Instant Support - Driver Check. The actual function of the software is to search for updated drivers for HP hardware. The vulnerability may, however, also allow attackers to install and remotely execute arbitrary software using crafted websites.
The vulnerability is in the ActiveX module sdd.dll. In the function query Hub() a buffer overflow with known consequences occurs during the processing of excessively long strings. This affects the software in versions previous to the current version (v18.104.22.168). Users can update to this level by visiting the Instant Support - Driver Check website.
It is, however, good policy to deactivate ActiveX entirely in the Internet zone. Despite numerous kill bits for COM objects and ActiveX modules which are often set on Microsoft Patch Days, there are still ActiveX modules that allow themselves to be used by any website, rendering their vulnerabilities exploitable.
- HP Instant Support - Driver Check Running on Windows XP, Remote Unauthorized Access, security advisory from HP (only displayed correctly in IE)