brainslicer Postad 12 December , 2007 Rapport Postad 12 December , 2007 Zero-day flaw haunts HP laptop models A zero-day hole in several major HP laptop models could provide an easy way for hackers to take complete control of Windows machines, according to a warning from an independent security researcher. A successful exploit simply requires that the laptop owner is lured to a malicious Web site while using Microsoft’s Internet Explorer. The risks include remote code execution, remote system registry read/write access and remote shell command execution. The vulnerable ActiveX control is identified as HPInfoDLL.dll, which is marked as “Safe for Scripting” by default. The exploit code, which has been posted to Milw0rm.com and BugTraq, includes a list of HP laptop models that are confirmed vulnerable. The researcher also provides a Web page that detects if your HP machine is vulnerable (use at your own risk). ALSO SEE: There’s a hole in your laptop, dear HP, dear HP ] _______________________________________________ samma från secunia: HP Info Center HPInfo Class ActiveX Control Insecure Methods Secunia Advisory: SA28055 Release Date: 2007-12-12 Critical: Highly critical Impact: Manipulation of data Exposure of system information System access Where: From remote Solution Status: Unpatched Permanent säkerhetshål | 2007-12-12 14:27: Dessa 23 bärbara saknar skydd mot säkerhetslucka En allvarlig säkerhetslucka som det inte går att täppa till har upptäckts i minst 23 bärbara datorer från en stor tillverkare. Citera
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.