Hewlett-Packard Sprinter TTF16.ocx SwapTables Method Memory Corruption Remote Code Execution VulnerabilityZDI-14-358: October 14th, 2014
TippingPoint™ IPS Customer ProtectionTippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 16231. For further product information on the TippingPoint IPS:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Sprinter. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The vulnerability is found in Tidestone Formula One ActiveX controls, which are installed as a part of HP Sprinter. By providing an improper parameter to the method SwapTables provided by those controls, an attacker can execute code in the context of the browser.
Vendor ResponseHewlett-Packard has issued an update to correct this vulnerability. More details can be found at:
2014-05-30 - Vulnerability reported to vendor
2014-10-14 - Coordinated public release of advisory
CreditThis vulnerability was discovered by:
Andrea Micalizzi (rgod)