Hewlett-Packard Company Information for VU#526131

HP Online Support Services ActiveX RegistryString() buffer overflow



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



From the HP Support Document:

    The vulnerabilities can also be resolved by the following procedure:

    Set the kill bit for the vulnerable ActiveX control's Class identifier (CLSID) {14C1B87C-3342-445F-9B5E-365FF330A3AC} . The kill bit is set by modifying the data value of the Compatibility Flags DWORD value for the CLSID of this ActiveX control to 0x00000400. This is explained in Microsoft's article KB240797 or subsequent. http://support.microsoft.com/kb/240797 .

    If you have feedback, comments, or additional information about this vulnerability, please send us email.