First, I would like to thank HP SSRT security team for great communication and cooperation on the report.
- uses a non-secure transport protocol (read: exposed to MITM)
- does not implement, or at least does not verify, secure hashing, i.e. the authenticated and authorized origin of the DOWNLOADED files
- has several XSS vulnerabilities (perhaps many more to be discovered)
For a specially crafted EPS file, inserting it as a picture in one of the mentioned applications results in a stack-based overflow in EPSIMP32.FLT.
EPSIMP32.FLT is a graphics filter used to process certain file types embedded into MS Office documents.
Specifically, EPSIMP32.FLT processes EPS (Encapsulated PostScript) files.
MS confirmed the crash but marked it as NOT exploitable.
Other advisory numbers: MS-12305cw
NOTE: this was a valid security advisory when discovered, but because of bad timing for reporting, the issue is confirmed as fixed as a side effect of HP's firmware signature verification patch in Nov 2011.