Hewlett-Packard acknowledged this week that software used to control two of its color printers could be exploited by attackers to remotely steal files from Windows PCs.
The bug, which Danish vulnerability tracker Secunia dubbed "less critical," affects the Toolbox software included with the Color LaserJet 2500 and Color LaserJet 4600. In its default configuration, the Toolbox -- which lets users remotely monitor the status of a connected printer -- could allow an attacker to hack into jacked-in computers, then read any file on the hard disk.
HP's
advisory links to an update to the Toolbox that patches the bug.
News Source:
channelweb.com