Vulnerability
ActiveX

Affected
Compaq Presario Win ME

Description
The following is based on the SSRT0716 Security Advisory.

Compaq continues to take a serious approach to the quality and security of all its software products and makes every effort to address issues and provide solutions in a timely manner. In line with this commitment, Compaq is responding to recent concerns of a potential security vulnerability with Active X.

Compaq Presario personal computers provide customer support features through their Knowledge Center and Back Web components. Some features are implemented with Microsoft's Active X. By calling the Active X control function "LogDataListToFile", an attacking web page could write a specified file to the system's hard drive. This creates a potential denial of service vulnerability. The content of the written file is not modifiable. The named file contains text with hardware and software configuration information.

Models affected:

Laptop Models: 1200T, 1200-XL102, 1200-XL104, 1200-XL105, 1200-XL106, 1200-XL107, 1200-XL110, 1200-XL111, 1200-XL118, 1200-XL119, 1200-XL450, 1244, 1245, 1247, 1255, 1256, 1260, 1266, 1267, 1270, 1272, 1273, 1274, 1275, 1277, 1278, 12XL125, 12XL126, 12XL127, 12XL128, 12XL300, 12XL300B, 12XL310, 12XL325, 12XL326, 12XL327, 12XL330, 12XL400, 12XL401, 12XL410, 12XL426, 12XL427, 12XL430, 12XL500, 12XL501, 12XL505, 12XL510, 12XL526, 12XL527, 12XL530, 1400T EB2 (14XL3EB), 1400T-XL4, 14XL240, 14XL244, 14XL245, 14XL340, 14XL345, 14XL420, 14XL440, 14XL445, 1660, 1670, 1672, 1675, 1685, 1687, 1688, 1690, 1692, 1693, 1694, 1800, 1825, 1827, 1830, 1700T-XL5, 17XL260, 17XL262, 17XL265, 17XL275, 17XL360, 17XL365, 17XL375, 17XL460, 17XL465, 17XL475, 17XL570, 17XL575, 1800T, 1800T-XL4, 1800-XL180, 1800-XL181, 18XL2 CTO, 18XL280, 18XL380, 18XL390, 18XL580, 1900-XL1, 1900-XL161, 1920, 1925, 1930

Desktop Models: 305, 2281, 2286, 3550, 5000A Carepanion, 5000T, 5000US, 5000Z (5UVM21), 5000Z / 5007H, 5000Z / 5008H, 5001CL, 5001R, 5001SR, 5002US, 5003R, 5003US, 5004CL, 5004US, 5005CL, 5005R, 5005SR, 5006H, 5006US, 5007R, 5007SR, 5008US, 5009CL, 5009R, 5009SR, 5010US, 5011CL, 5011R, 5012US, 5014US, 5070, 5184, 5185, 5202, 5204, 5220, 5222, 5225, 5240, 5242, 5245, 5280, 5282, 5284, 5285, 5301, 5304, 5330, 5340, 5345, 5352, 5360, 5365, 5410, 5440, 5451, 5457, 5460, 5461, 5465, 5473, 5600, 5670, 5686, 5690, 5695, 5697, 5710, 5711, 5712, 5714, 5715, 5716, 5717, 5721, 5722, 5724, 5725, 5726, 5735, 5736, 5738, 5745, 5822, 5832, 5837, 5838, 5855, 5861, 5868, 5875, 5888, 5600I, 5600Kiosk, 5600S, 5700n, 5900z, 5BW112, 5BW120, 5BW122, 5BW130, 5BW131, 5BW135, 5BW160, 5BW172, 5BW175, 5BW220, 5BW250, 5BW251, 5BW284, 5WV232, 5WV252, 5WV254, 5WV260, 5WV261, 5WV270, 5WV271, 5WV275, 5WV280, 5WV282, 5WV285, 5WV294, 5WV295, 7360, 7462, 7465, 7470, 7471, 7475, 7478, 7485, 7585, 7588, 7590, 7594, 7595, 7596, 7598, 7599, 7885, 7895, 7922, 7947, 7970, 7985, 7990, 7994, 7000T (7RPM), 7000US, 7000z-7PL2, 7001CL, 7002US, 7003US, 7006US, 7AP134, 7AP135, 7AP140, 7AP170, 7AP195, 7PL270, 7PL290, 7PL295, 7QSM, 800T-80XL4, 80XL550, EZ2200, EZ2207, EZ2605, EZ2700.

Solution
Compaq has changed the way the Microsoft Active X features are used in Presario systems. A software patch that solves this problem is available via the Internet as SoftPaq 16629. The patch was sent via Compaq's Back Web server to the affected systems on March 27, 2001. If this feature is enabled on a system, the update takes place automatically. It will also be available on Microsoft's Windows Update site after April 25, 2001.

Apply the SoftPaq 16629 patch to Presario systems:

http://web14.compaq.com/falco/sp_syn.asp?page=splist&detail=yes&recid=16629