You are here: silicon.com > Software > Malware

Malware

HP printer software warning

Flaw could be a route into Windows-based computers

Tags: printers, printer

Printer Friendly Email Story RSS

By Joris Evers

Published: 6 April 2006 08:05 BST

A security flaw in software that ships with two Hewlett-Packard Color LaserJet printers could open a door for cybersnoops, HP has warned.

The vulnerability lies in the Toolbox software that comes with HP's Color LaserJet 2500 and 4600 printers, the company said. The flaw could allow a remote, unauthorised malicious user to retrieve arbitrary files from a Windows computer when the software is running in the default configuration, HP said in a security alert published on Sunday.

The Toolbox is software that installs on a PC along with the drivers. It uses a simple web browser interface for access to printer status information, troubleshooting tips and demos, and an alerts feature.

HP has made HP Color LaserJet 2500/4600 Software Update version 3.1 available to resolve the security issue, it said. Security monitoring company Secunia rates the issue "less critical". The flaw is caused by an input validation error in the web server that's part of the software, according to a Secunia alert, published on Wednesday.

Discovery of the flaw is credited by HP and Secunia to Richard Horsman of Sec-1.com.

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

HP aims to reclaim top spot for laptops

Dell to debut its first printers

HP forger arrested in China

Being 'green': Practical, possible... and profitable?

CIOs told to wise up to printing... of all things

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Peter Cochrane Peter Cochrane's Blog: Is convergence a fiction? Or could it finally be happening…

Clive Longbottom Quocirca's Straight Talking: A game of two halves Microsoft Virtualisation scores while its SOA bores...


How the good guys fight the security arms race

UK banks targeted by phishing attacks

Mobile malware: The threat exists

silicon.com Classics: 'Nigerian' money scam - What happens when you reply?

First iPhone Trojan reported

Cyber spies plan attacks next year



  • Jobs
SAP Netweaver Portal Consultant

All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, ...

Oracle HRMS / Payroll Consultant

All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, ...

Helpdesk Support Analyst (1st/2nd Line Support)

You will also be required to install new desktop, hardware and software requested by City of London police customers, which may involve carrying ...

CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.

Law firm gets SaaSy with email security

Taylor Woodrow heads for the cloud

College classrooms go high-tech

Customer Perspective: Tata Telecom

eVerge Takes on the Competition With PeopleSoft ESA for Professional Services

Microsoft Dynamics GP Demo

MSDN Webcast: Demystifying Office Business Applications for the Developer (Level...

Stories from the web...


Peter Cochrane's Video Blog: For whom the bell tolls

60-Second Pitch: FMC

Peter Cochrane's Video Blog: Power outrage


The £500k hunt for missing HMRC discs

Beeb appoints new iPlayer chief

Indian outsource giants feeling the pinch

Has Barclays stamped out fraud with PINsentry?

Number of free ATMs to increase by a third




Quick Sitemap Links: