CVE-2014-7890
First published: Mon Mar 09 2015(Updated: )
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2510.
Credit: hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP OLE Point of Sale Driver | <=1.13.001 | |
| HP POS Keyboard FK221AA | ||
| HP POS Keyboard with MSR |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-7890?
CVE-2014-7890 is considered to be a critical vulnerability allowing arbitrary code execution.
How do I fix CVE-2014-7890?
To mitigate CVE-2014-7890, update the OLE Point of Sale drivers to version 1.13.003 or later.
Who is affected by CVE-2014-7890?
CVE-2014-7890 affects systems using the OLE Point of Sale drivers prior to version 1.13.003 on HP Point of Sale Windows PCs.
What type of attack does CVE-2014-7890 enable?
CVE-2014-7890 enables remote attackers to execute arbitrary code on vulnerable systems.
What products are specifically involved in CVE-2014-7890?
CVE-2014-7890 specifically involves OPOSToneIndicator.ocx affecting HP Point of Sale hardware configurations.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hp
- canonical/hp ole point of sale driver
- version/hp ole point of sale driver/1.13.001
- canonical/hp pos keyboard fk221aa
- canonical/hp pos keyboard with msr