Thursday, March 28, 2024
Search
  
Thursday, November 23, 2017
 HP Patches Code execution Bug in Enterprise Printers
You are sending an email that contains the article
and a private message for your recipient(s).
Your Name:
Your e-mail: * Required!
Recipient (e-mail): *
Subject: *
Introductory Message:
HTML/Text
(Photo: Yes/No)
(At the moment, only Text is allowed...)
 
Message Text:

HP has released firmware patches to fix a vulnerability that could be exploited to perform remote code execution attacks on enterprise-grade printers.

HP says that the vulnerability impacts a wide range of business-ready printers, including the HP Color LaserJet Enterprise M651, HP Color LaserJet M680, HP LaserJet Enterprise Flow MFP M631, HP PageWide Enterprise Color X556, and many others.

The firmware updates can be downloaded manually from HP through the firmware search tool.

The bug was reported by FoxGlove Security, which issued an advisory disclosing the technical details about it. The researchers managed to reverse engineer ".BDL" (bundle) extension files found in HP's firmware. The next step was to
craft and upload crafted firmware files to discover where signature validation was taking place in order to bypass these protections.

Due to "insufficient solution DLL signature validation," FoxGlove was then able to use this information to create malware specifically designed to exploit the printer ranges' security weaknesses leading to remote code execution.

 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2024 - All rights reserved -
Privacy policy - Contact Us .