• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

HP Software Update 'Hpufunction.dll' ActiveX Control Insecure Method Vulnerabilities

HP Software Update ActiveX control is prone to multiple insecure-method vulnerabilities, allowing attackers to launch arbitrary applications from the local system.

An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious HTML page.

Successfully exploiting these issues allows remote attackers to launch arbitrary applications with the privileges of the application running the ActiveX control (typically Internet Explorer).

Hpufunction.dll 4.0.0.1 is vulnerable; other versions may also be affected.