In association with heise online

03 July 2007, 10:15

ActiveX from HP enables computer takeover

HP has reported a security vulnerability in an ActiveX module in the Instant Support - Driver Check. The actual function of the software is to search for updated drivers for HP hardware. The vulnerability may, however, also allow attackers to install and remotely execute arbitrary software using crafted websites.

The vulnerability is in the ActiveX module sdd.dll. In the function queryHub(), a buffer overflow with known consequences occurs during the processing of excessively long strings. This affects versions of the software prior to the current version (v1.5.0.3). Users can update to this version by visiting the Instant Support - Driver Check website.

It is, however, good policy to deactivate ActiveX entirely in the Internet zone. Despite numerous kill bits for COM objects and ActiveX modules which are often set on Microsoft Patch Days, there are still ActiveX modules that allow themselves to be used by any website, rendering their vulnerabilities exploitable.
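
A read-only host audit for the three conditions named above (an sdd.dll older than v1.5.0.3, a missing kill bit, ActiveX allowed in the Internet zone), given as an added example that is not from HP or the original article. The CLSID is a placeholder, the search paths are assumptions, and the script assumes the DLL's file version tracks the product version.

```powershell
# Added example (not from HP or the article). Read-only audit of one host.
$FixedVersion = [version]'1.5.0.3'   # fixed release named in the article
$Clsid = '{00000000-0000-0000-0000-000000000000}'   # PLACEHOLDER: use the control's real CLSID
# Assumed search locations; adjust to where the control is installed in your fleet.
$SearchRoots = @("$env:SystemRoot\Downloaded Program Files", $env:ProgramFiles)

function Get-SddDllStatus {
    # Assumption: the DLL's file version tracks the product version.
    Get-ChildItem -Path $SearchRoots -Filter 'sdd.dll' -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi  = $_.VersionInfo
            $ver = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                                  $vi.FileBuildPart, $vi.FilePrivatePart)
            [pscustomobject]@{
                Path     = $_.FullName
                Vendor   = $vi.CompanyName      # confirm the file really is HP's
                Version  = $ver
                Outdated = $ver -lt $FixedVersion
            }
        }
}

function Get-KillBitStatus([string]$Clsid) {
    # IE refuses to load a control when bit 0x400 of "Compatibility Flags" is set.
    # 32-bit and 64-bit IE read separate keys, so report both registry views.
    foreach ($root in 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\WOW6432Node\Microsoft') {
        $key   = "$root\Internet Explorer\ActiveX Compatibility\$Clsid"
        $p     = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        $flags = if ($p) { $p.'Compatibility Flags' } else { $null }
        [pscustomobject]@{ Key = $key; KillBitSet = [bool]($flags -band 0x400) }
    }
}

function Get-InternetZoneActiveX {
    # Zone 3 = Internet; value 1200 = "Run ActiveX controls and plug-ins".
    # 0 = enabled, 1 = prompt, 3 = disabled. This is the per-user setting;
    # a Group Policy value under Software\Policies takes precedence if present.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    $p   = Get-ItemProperty -LiteralPath $key -Name '1200' -ErrorAction SilentlyContinue
    $v   = if ($p) { $p.'1200' } else { $null }
    switch ($v) { 0 { 'enabled' } 1 { 'prompt' } 3 { 'disabled' } default { "other ($v)" } }
}

Get-SddDllStatus | Format-Table -AutoSize
Get-KillBitStatus $Clsid | Format-Table -AutoSize
"ActiveX in Internet zone (current user): $(Get-InternetZoneActiveX)"
```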

(mba)

Permalink: http://h-online.com/-733175