Nearly two-dozen different laptop models sold by Hewlett-Packard Co. ship with software plagued with multiple zero-day vulnerabilities, security researchers said today.
The bugs are in an ActiveX control included with the HP Info Center software preinstalled on both HP- and Compaq-branded laptops running Windows 2000, XP, Server 2003 and Vista, Symantec Corp. said in a note to clients of its DeepSight threat network. Info Center is a part of HP’s Quick Launch Buttons application, which gives users one-click access to information and configuration details on the portables.
“One of its ActiveX controls deployed by default by the vendor has three insecure methods that allow a malicious person to target the HP notebook machines for a remote code execution- and remote registry manipulation-based attacks,” said a researcher using the alias “porkythepig” in posts to both milw0rm.com and the Bugtraq security mailing list.
HP, Compaq, Notebook, Laptop, Vulnerability, Exploit, Bugs, Zero-day, Shippment