Hewlett-Packard has warned that software bundled with
some of its printers could allow remote hackers to steal data from
users' PCs.
A security flaw in software that ships with two HP Color
Laserjet printers can act as an entry into users' Windows systems
when it is running in default mode.
The bug is in the Toolbox program, which comes with HP's Color
Laserjet 2500 and 4600 printers.
Toolbox is installed on a PC along with the printer drivers. It
uses a web browser interface to allow users to access printer
status information, troubleshooting tips and demos, and alerts.
To address the security problem, HP has issued Color Laserjet
2500/4600 Software Update version 3.1, which the company said
should be downloaded immediately by users.
Security software company Secunia said the flaw is caused by an
input validation error in the web server that forms part of the
software.
As printers have become more integrated with web-enabled
businesses, they have become more of a threat. A number of printers
now available for corporate use are able to search for new software
updates themselves, across business networks and onto the internet,
thereby presenting a hacking opportunity for remote attackers.