1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP HP GetFileTime ActiveX BO

HTTP HP GetFileTime ActiveX BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a buffer overflow vulnerability by passing long arguments into a method of HP Instant Support 'HPISDataManager.dll' ActiveX Control which may result in remote code execution.

Additional Information

HP Instant Support is a suite of web-based support tools that automate resolving technical issues that affect HP products.

HP Instant Support 'HPISDataManager.dll' ActiveX control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. The vulnerability affects the first argument of the 'GetFileTime()' method of the ActiveX control identified by CLSID:

14C1B87C-3342-445F-9B5E-365FF330A3AC

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.



NOTE: This issue was previously covered in BID 29526 (HP Instant Support 'HPISDataManager.dll' ActiveX Control Unspecified Code Execution Vulnerabilities), but has been given its own record because of new information.

Affected

  • HP Instant Support 1.0.0.22 and earlier versions are affected.

Response

Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube