HTTP HP Software Update ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit file-overwrite vulnerabilities by passing malicious arguments to various methods of the HP Software Update ActiveX control.

Additional Information

HP Software Update is an application installed by default on multiple HP laptop models. The application enables and manages automatic software updates.

HP Software Update uses an ActiveX control that is prone to multiple vulnerabilities that attackers can exploit to overwrite arbitrary files.

These issues affect the following methods of the ActiveX control 'RulesEngine.dll' identified with CLSID {7CB9D4F5-C492-42A4-93B1-3F7D6946470D}:

SaveToFile()
LoadDataFromFile()
SaveDataToFile()

An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious HTML page.

Successfully exploiting these issues allows remote attackers to overwrite arbitrary user files. Attackers must supply the exact path and filename information of any targeted user files. Attackers can also overwrite critical SYSTEM files, which can prevent the computer from restarting.

HP Software Update 3.0.8.4 with 'RulesEngine.dll' ActiveX control 1.0 is vulnerable; other versions may also be affected.

Note that multiple HP laptop models ship with this software.
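
As an added illustration (not Symantec's signature logic and not part of the original advisory), the following Python check flags HTML that instantiates the control by the CLSID above and calls one of the three listed methods on it. The element-id matching, the verdict names and the sample pages are assumptions constructed for this example.

```python
import re

# CLSID and method names come from the advisory text; everything else is assumed.
CLSID = "7CB9D4F5-C492-42A4-93B1-3F7D6946470D"
METHODS = ("SaveToFile", "LoadDataFromFile", "SaveDataToFile")
CANON = {m.lower(): m for m in METHODS}

OBJECT_TAG = re.compile(r"<object\b[^>]*>", re.I)
CLASSID_ATTR = re.compile(r"classid\s*=\s*[\"']?\s*clsid:\{?" + CLSID + r"\}?", re.I)
ID_ATTR = re.compile(r"\bid\s*=\s*[\"']?([\w$-]+)", re.I)
METHOD_CALL = re.compile(r"([\w$]+)\s*\.\s*(" + "|".join(METHODS) + r")\s*\(", re.I)


def scan_html(html):
    """Return (verdict, methods); verdict is 'method-call', 'control-loaded' or 'clean'."""
    loaded, ids = False, set()
    for tag in OBJECT_TAG.findall(html):
        if CLASSID_ATTR.search(tag):
            loaded = True
            m = ID_ATTR.search(tag)
            if m:
                ids.add(m.group(1).lower())
    if not loaded:
        # The method names alone are too common (other controls expose
        # SaveToFile), so they only count alongside this CLSID.
        return ("clean", [])
    called = sorted({CANON[meth.lower()]
                     for obj, meth in METHOD_CALL.findall(html)
                     if obj.lower() in ids})
    return ("method-call", called) if called else ("control-loaded", [])


# Constructed sample pages (not captured traffic); arguments are placeholders.
SAMPLE_HIT = (f'<html><object classid="clsid:{CLSID}" id="hpsu"></object>\n'
              '<script>hpsu.SaveToFile(PLACEHOLDER_ARG);</script></html>')
SAMPLE_LOAD_ONLY = f'<object classid="clsid:{{{CLSID}}}"></object>'
SAMPLE_OTHER = '<script>stream.SaveToFile(PLACEHOLDER_ARG);</script>'

if __name__ == "__main__":
    for name, page in [("hit", SAMPLE_HIT), ("load-only", SAMPLE_LOAD_ONLY),
                       ("other-control", SAMPLE_OTHER)]:
        print(name, scan_html(page))
```

The check only sees `<object>` tags with a literal `classid`; pages that build the tag dynamically or obfuscate the script will not match, so treat a 'clean' verdict as inconclusive.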

Affected

  • HP Software Update 3.0.8.4

Response

Download and install all applicable patches from the vendor for this issue.