Denial of Service Condition in Compaq Presario Personal Computers

Reported April 11, 2001, by Compaq.

 

VERSION AFFECTED

  • Compaq Presario PCs running Windows Millennium Edition (Me) and Windows 98

DESCRIPTION


Compaq provides customer support features through its Knowledge Center and Back Web components for its Presario PCs running Windows Millennium Edition (Me) and Windows 98. Users use ActiveX to implement some of Presario's custom support features. By utilizing the ActiveX control function LogDataListToFile, a malicious attacker can use a Web page to write a specified file to the system's hard drive, creating a potential Denial of Service (DoS) vulnerability. The intruder can't modify the content of the file, but can access the hardware and software configuration information.

 

VENDOR RESPONSE

 

The vendor, Compaq Computer Corporation, has released Softpaq 16629 to correct this vulnerability.

 

CREDIT


Discovered by Compaq.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish