HP_Software_Update_Tool_ActiveX_Control_File_Overwrite_attack

An arbitrary file overwrite vulnerability exists in the HP Software Update, shipped with many HP systems. The vulnerability is due to a design weakness in an ActiveX component that is used to download patches and updates for the HP software. A remote attacker may persuade the target user to open a malicious web page to overwrite sensitive files on the local system's file system and potentially corrupt the operating system, and/or execute arbitrary code on the vulnerable system with privileges of logged in user. The target computer may lose its function partially or entirely, depending on the specific files that are corrupted in an attack. Reinstallation of operating system may be required to restore the function of the target system. If the attack leads to code execution, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged in user. ---