Remote Code Execution Vulnerability in HP Point of Sale OLE Drivers
CVE-2014-7890

Currently unrated

Key Information:

Vendor

HP

Vendor
CVE Published:
9 March 2015

What is CVE-2014-7890?

The OLE Point of Sale (OPOS) drivers for HP Point of Sale systems prior to version 1.13.003 are susceptible to a remote code execution vulnerability. Attackers can exploit this weakness via specially crafted vectors involving the OPOSToneIndicator.ocx component. This poses significant risk for systems utilizing POS keyboards and associated magnetic stripe readers (MSR) as it allows malicious entities to execute arbitrary code, potentially leading to unauthorized access and control of affected systems.

References

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.