HP warns of printer software security flaw


HP warns of printer software security flaw

Antony Savvas

Hewlett-Packard has warned that software bundled with some of its printers could allow remote hackers to steal data from users' PCs.

A security flaw in software that ships with two HP Color Laserjet printers can act as an entry into users' Windows systems when it is running in default mode.

The bug is in the Toolbox program, which comes with HP's Color Laserjet 2500 and 4600 printers.

Toolbox is installed on a PC along with the printer drivers. It uses a web browser interface to allow users to access printer status information, troubleshooting tips and demos, and alerts.

To address the security problem, HP has issued Color Laserjet 2500/4600 Software Update version 3.1, which the company said should be downloaded immediately by users.

Security software company Secunia said the flaw is caused by an input validation error in the web server that forms part of the software.

As printers have become more integrated with web-enabled businesses, they have become more of a threat. A number of printers now available for corporate use are able to search for new software updates themselves, across business networks and onto the internet, thereby presenting a hacking opportunity for remote attackers.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy