HP spots hack in the Toolbox

Hewlett-Packard has warned users of two of its laser printer models that they could pose a security risk to Windows PCs.

The vulnerability was discovered in the Toolbox software supplied with the HP Color LaserJet 2500 and 4600 printers and if exploited could give an unauthorised users access to files on machines on the same network as the printer. The flaw can only be exposed if the software is running in default mode.

The Toolbox software is installed on a PC along with the relevant printer drivers; it is used to provide information about print status and queues as well as troubleshooting feedback. The flaw, according to computer security firm Secunia, is caused by an input-validation error in the print server component of the software.

Secunia notes that this could be exploited to ‘disclose the contents of arbitrary files via directory traversal attacks’.

HP has made a patch and more information available on its Security Bulletin c00634759.

Secunia chief technology officer Thomas Kristensen said that companies should be more aware of potential security risks posed by unsecured printers.

‘Since printers are connected to the network, they can be vulnerable,’ he said. ‘Attackers might use a printer connection to get to other parts of a system, and sometimes it’s very easy to get into a company that way.’

Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.

Todays Highlights
How to See Google Search History
how to download photos from google photos