ID

VAR-201503-0320

CVE

CVE-2014-7888

TITLE

HP Point of Sale PCs Running Windows With OPOS Drivers Arbitrary Code Execution Vulnerability

DESCRIPTION

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMICR.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, and Value Serial/USB Receipt printers, aka ZDI-CAN-2512. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the Open method in OPOSMICR.ocx. By supplying an overly long string to this method, an attacker can exploit this condition to achieve code execution under the context of the browser process. Attackers can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04583185 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04583185 Version: 2 HPSBHF03279 rev.2 - HP Point of Sale PCs Running Windows with OPOS Drivers, Remote Execution of Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. These vulnerabilities could be remotely exploited resulting in execution of code. References: CVE-2014-7888 (ZDI-CAN-2512, SSRT101696) CVE-2014-7889 (ZDI-CAN-2511, SSRT101695) CVE-2014-7890 (ZDI-CAN-2510, SSRT101694) CVE-2014-7891 (ZDI-CAN-2509, SSRT101693) CVE-2014-7892 (ZDI-CAN-2508, SSRT101692) CVE-2014-7893 (ZDI-CAN-2507, SSRT101691) CVE-2014-7894 (ZDI-CAN-2506, SSRT101690) CVE-2014-7895 (ZDI-CAN-2505, SSRT101689) CVE-2014-7897 (SSRT101689) CVE-2014-7898 (SSRT101689) SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The package contains update common control objects for all of the impacted products in the table below. Download the SP70564 from the Support and Drivers site for the impacted product. Go to http://www.hp.com : Chose Support then Download Drivers Enter in your POS system name, such as product name HP rp5800 Retail System then click on Go. Choose the Appropriate OS after selecting the link for the appropriate product. The latest drivers will be in the Software - POS section. Download the OPOS Common Control Objects v1.13.003 Softpaq. HP Product Description Prod Num CVE Number, Impacted Driver Monitors HP Retail RP7 VFD Customer Display QZ701AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Retail Integrated 2x20 Display G6U79AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Retail Integrated 2x20 Complex G7G29AA / AT CVE-2014-7889 OPOSLineDisplay.ocx Printers HP PUSB Thermal Receipt Printer ALL FK224AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP SerialUSB Thermal Receipt Printer BM476AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Hybrid POS Printer with MICR US FK184AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Value PUSB Receipt Printer F7M67AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx HP Value Serial/USB Receipt Printer ALL F7M66AA / AT CVE-2014-7895 OPOSCashDrawer.ocx CVE-2014-7894 OPOSPOSPrinter.ocx CVE-2014-7888 OPOSMICR.ocx CVE-2014-7893 OPOSCheckScanner.ocx Cash Drawers HP USB Standard Duty Cash Drawer E8E45AA / AT CVE-2014-7895 OPOSCashDrawer.ocx MSR HP Mini MSR FK186AA / AT CVE-2014-7892 OPOSMSR.ocx HP Retail Integrated Dual-Head MSR QZ673AA / AT CVE-2014-7892 OPOSMSR.ocx HP Integrated Single Head MSR w/o SRED J1A33AA / AT CVE-2014-7892 OPOSMSR.ocx HP Integrated Single Head w/o MSR SRED J1A34AA / AT CVE-2014-7892 OPOSMSR.ocx HP RP7 Single Head MSR w/o SRED K1K15AA/AT CVE-2014-7892 OPOSMSR.ocx Keyboards HP POS Keyboard FK221AA / AT CVE-2014-7891 OPOSPOSKeyboard.ocx CVE-2014-7892 OPOSMSR.ocx CVE-2014-7890 OPOSToneIndicator.ocx HP POS Keyboard with MSR FK218AA / AT CVE-2014-7891 OPOSPOSKeyboard.ocx CVE-2014-7892 OPOSMSR.ocx CVE-2014-7890 OPOSToneIndicator.ocx Pole Displays POS Pole Display FK225AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP Graphical POS Pole Display QZ704AA / AT CVE-2014-7889 OPOSLineDisplay.ocx HP LCD Pole Display F7A93AA / AT CVE-2014-7889 OPOSLineDisplay.ocx Scanners HP Imaging Barcode Scanner BW868AA / AT CVE-2014-7897 OPOSScanner.ocx HP Linear Barcode Scanner QY405AA / AT CVE-2014-7897 OPOSScanner.ocx HP Presentation Barcode Scanner QY439AA / AT CVE-2014-7897 OPOSScanner.ocx HP Retail Integrated Barcode Scanner E1L07AA / AT CVE-2014-7897 OPOSScanner.ocx HP Wireless Barcode Scanner E6P34AA / AT CVE-2014-7897 OPOSScanner.ocx HP 2D Value Wireless Scanner K3L28AA CVE-2014-7897 OPOSScanner.ocx HISTORY Version:1 (rev.1) - 4 March 2015 Initial release Version:2 (rev.2) - 20 March 2015 Corrected and clarified download instructions Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iEYEARECAAYFAlUMUjIACgkQ4B86/C0qfVkuCwCcC+h95jOOyvg4mWsqhdPSXYbV 9wEAniU7Opjr4sXaxMR+P0nqd3A6n+Zu =CQuO -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

Unknown

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Ariele Caltabiano (kimiya)

SOURCES

LAST UPDATE DATE

2025-04-12T23:13:08.199000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE