Severity: High
5 June, 2008
Summary:
- This vulnerability affects: Hewlett-Packard desktop and laptop computers running Windows
- How an attacker exploits it: By luring one of your users to a maliciously crafted website, where a drive-by download occurs
- Impact: The attacker can take complete control of your user’s computer
- What to do: Either set the kill bit for the vulnerable ActiveX control, or update your HP Instant Support software to version 1.0.0.24
Exposure:
Hewlett-Packard (HP) is the world’s largest PC dealer. HP has sold millions of desktop and laptop computers, and according to industry observers, accounts for as much as 20 percent of the PC market. Somewhere among your users, it is probable that an HP computer regularly connects to your network. If you have no HP computers on your network, this security alert does not pertain to you.