Forbidden Web

Apr 25, 2008

HP Software Update Vulnerabilities
US-CERT is aware of reports of multiple vulnerabilities affecting HP Software Update. These vulnerabilities are due to insecure methods in multiple ActiveX controls. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or view or modify sensitive information.

US-CERT encourages users to do the following to help mitigate the risks:

Review the HP Support document and update to HP Software Update v4.000.010.008.
Set the kill bit for the CLSIDs listed in the HP Support document.
Disable ActiveX as described in the Securing Your Web Browser document.