Computer maker Hewlett Packard has fessed up to a gaping security hole on more than 80 laptop models, warning that the backdoor could put users at risk of drive-by code execution attacks.
An advisory from HP lists 82 laptop models as vulnerable to the ActiveX vulnerability found in the HP Info Center software. The issue is rated “critical” and HP laptop owners should be aware that public exploit code that provides a roadmap for exploiting the hole is circulating around the Internet.
A successful exploit simply requires that the laptop owner is lured to a malicious Web site while using Microsoft’s Internet Explorer. The risks include remote code execution, remote system registry read/write access and remote shell command execution.
It affects laptops running Windows 2000, Windows XP and Windows Vista.
HP confirms gaping backdoor on 82 laptop models | Ryan Naraine’s Zero Day | ZDNet.com