Hewlett-Packard Company Information for VU#754403

HP Online Support Services ActiveX ExtractCab() buffer overflow

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

From the HP Support Document:

    The vulnerabilities can also be resolved by the following procedure:

    Set the kill bit for the vulnerable ActiveX control's Class identifier (CLSID) {14C1B87C-3342-445F-9B5E-365FF330A3AC} . The kill bit is set by modifying the data value of the Compatibility Flags DWORD value for the CLSID of this ActiveX control to 0x00000400. This is explained in Microsoft's article KB240797 or subsequent. http://support.microsoft.com/kb/240797

    If you have feedback, comments, or additional information about this vulnerability, please send us email.