1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP HP Info Center ActiveX Code Exec

HTTP HP Info Center ActiveX Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a remote code execution vulnerability by passing specially crafted argument into vulnerable methods of HP Info Center HPInfoDLL.DLL ActiveX Control.

Additional Information

HP Info Center is a component of HP's Quick Launch Buttons application. It provides one-button system information and hardware configuration on multiple HP laptop models.

HP Info Center uses an ActiveX control that is prone to multiple vulnerabilities that attackers can exploit to run arbitrary code.

These issues affect the following methods of the ActiveX control 'HPInfoDLL.dll' identified with CLSID {62DDEB79-15B2-41E3-8834-D3B80493887A}:

GetRegValue
SetRegValue
LaunchApp

An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious HTML page.

Successfully exploiting these issues allows remote attackers to edit registry key information and execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

HP Info Center 1.0.1.1 with HPInfoDLL.dll ActiveX control 1.0 is vulnerable; other versions may also be affected. Note that multiple HP laptops ship with this software.

Affected

  • HP Info Center 1.0.1.1

Response

The vendor has released an advisory and a fix to address this issue. Plesae see the references for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube