HP_Software_Update_Remote_Code_Execution

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory

HP Software Update Remote Code Execution Vulnerability


Date Discovered:	5/21/2008
Severity:	High
Applications Affected:	HP Software Update 4.0.0.1
Type	Remote
Identifiers	CVE-2008-2390 BID-28947
Vendor	HP

Synopsis

A vulnerability has been discovered in HP software update application. This allows remote attackers to execute the arbitrary code on the system installed with vulnerable version.

The flaw exists in its ActiveX control "Hpufunction.dll" file, which failed to properly sanitize the user supplied data before processing.

Recommended Action

Set the kill bit on the Class Identifier (CLSID):{B00FBC78-73CB-4216-8D01-96770CC020C3}

Instructions to set the kill bit Instructions

Threat Analysis

Software update is the application provided by the HP to update its software’s on time to time. This application is bundled with many of HP other products. Recently there is a vulnerability found in it that causes the remote code execution on the victim machine.

Vulnerability exists in its ActiveX control "Hpufunction.dll" file. A remote attacker can use one of these methods ExecuteAsync() and Execute() which are defined in this ActiveX to execute the arbitrary code on the target machine.

References

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2390
http://www.securityfocus.com/bid/28947/info

Write-up by: Vikrant

Security Sites

“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”

Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner

| | | | | | | | |