Potential Security Impact: Local compromise of system integrity
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity.
References: CVE-2012-0133
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP 5400 zl series switch purchased after April 30, 2011 with the noted serial numbers for the following products:
[5] Jorge Luis Alvarez Medina, Abusing Insecure Feature of Internet
Explorer, Feb. 2010
http://corelabs.coresecurity.com/index.php?module=wiki%38action=attachment%38type=publication%38page=Abusing_insecure_features_of_Internet_Explorer-article.pdf
[6] Jorge Luis Alvarez Medina, Internet Explorer turns your personal
computer into a public File Server, BlackHat Technical Security
conference, Feb. 2010, Washington D.C., USA.
http://corelabs.coresecurity.com/index.php?module=wiki%38action=attachment%38type=publication%38page=Abusing_insecure_features_of_Internet_Explorer-BHDC2010-Slides.pdf
[7] Wikipedia, Trident (layout engine).
http://en.wikipedia.org/wiki/Trident_(layout_engine)
Carlos Sarraute (Core Security)
17h00-18h00 ? Evolution of Microsoft security mitigations ? Tim Burrell
(Microsoft)
Friday 2010-04-09:
10h30-11h30 ? Internet Explorer turns your personal computer into a
public file server ? Jorge Luis Alvarez Medina (Core Security)
11h30-12h30 ? Breaking Virtualization by switching to Virtual 8086 mode
? Jonathan Brossard (P1 Security)
14h00-15h00 ? Mac OS X Physical Memory Analysis ? Matthieu Suiche
Potential Security Impact: Local compromise of system integrity
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with certain HP ProCurve 5400 zl switches using a compact flash card which may contain malware content that is a PC trojan executable. The ProCurve switch operating system is not infected with the malware and the content on the compact flash card has no impact on the operation of the switch. Reuse of the compact flash card in a personal computer and manual execution of the malware content could result in a compromise of that system's integrity.
References: CVE-2012-0133
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP 5400 zl series switch purchased after April 30, 2011 with the noted serial numbers for the following products:
