Remote Code Execution Vulnerability in HP Point of Sale Software
CVE-2014-7888

Currently unrated

Key Information:

Vendor: HP
Status: Ole Point Of Sale Driver
Vendor: CVE Published:; 9 March 2015

Summary

The OPOS drivers prior to version 1.13.003 for HP Point of Sale Windows PCs have a vulnerability that allows remote attackers to execute arbitrary code. This is achievable through specific manipulations involving the OPOSMICR.ocx component, which interfaces with various Thermal Receipt printers such as PUSB and SerialUSB models. It is crucial for users and administrators to update their OPOS drivers to mitigate potential security risks.

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

http://www.securitytracker.com/id/1031840

vdb-entryx_refsource_SECTRACK

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

EPSS Score

46% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 9, 2015
Vulnerability Reserved
Oct 6, 2014