Hewlett-Packard Company Information for VU#998779

HP Online Support Services ActiveX StartApp() arbitrary code execution



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



From the HP Support Document:

    To install HP Instant Support - v1.0.0.24 or later, choose to “launch an online diagnostic session�? from the Instant Support Professional edition web site: http://www.hp.com/go/ispe

    The vulnerabilities can also be resolved by the following procedure:

    Set the kill bit for the vulnerable ActiveX control's Class identifier (CLSID) {14C1B87C-3342-445F-9B5E-365FF330A3AC} . The kill bit is set by modifying the data value of the Compatibility Flags DWORD value for the CLSID of this ActiveX control to 0x00000400. This is explained in Microsoft's article KB240797 or subsequent. http://support.microsoft.com/kb/240797

    If you have feedback, comments, or additional information about this vulnerability, please send us email.