Software update for HP Virtual Rooms
Hewlett Packard has eliminated a serious security problem in its HP Virtual Rooms collaboration software and made an update to version 7.0.1 available. According to HP, the defect could allow code to be injected into vulnerable systems over a network. All Windows versions prior to version 7.0.1 are affected.
HP does not describe the gap in detail, but does mention that the update also sets the kill bit for the ActiveX control in order to disable it. An attacker may be able to exploit the vulnerability if the a user with Internet Explorer goes to a suitably rigged web page. The vendor recommends that all users of the software update as soon as possible.