Intrusion Prevention

HP.Info.Center.ActiveX.Remote.Command.Execution

Description

This indicates an attempt to exploit a remote command execution vulnerability in HP Info Center.
Multiple Hewlett-Packard notebook computer series are vulnerable to a remote code execution attack. The vulnerability is in the preinstalled software package "HP Info Center", in the "LaunchApp" method of its ActiveX control.

Affected Products

HP Info Center v1.0.1.1
HPInfoDll.dll ActiveX CTL v1.0

Impact

System Compromise: Remote attackers can execute arbitrary commands on vulnerable systems.

Recommended Actions

Upgrade to the latest version available
ftp://ftp.hp.com/pub/softpaq/sp38001-38500/sp38166.html
ftp://ftp.hp.com/pub/softpaq/sp38001-38500/