Remote Code Execution Vulnerability in HP Point of Sale Drivers
CVE-2014-7891

Currently unrated

Key Information:

Vendor: HP
Status: Ole Point Of Sale Driver
Vendor: CVE Published:; 9 March 2015

Summary

The OPOS drivers for HP Point of Sale systems prior to version 1.13.003 contain a vulnerability that allows remote attackers to execute arbitrary code. This issue arises from improper handling involving OPOSPOSKeyboard.ocx, which affects POS keyboards and their integration with magnetic stripe readers (MSR). When exploited, this vulnerability can enable unauthorized commands, potentially compromising sensitive information and operations within affected systems. Users of HP POS solutions are advised to update their drivers to mitigate the associated risks.

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

http://www.securitytracker.com/id/1031840

vdb-entryx_refsource_SECTRACK

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

EPSS Score

46% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 9, 2015
Vulnerability Reserved
Oct 6, 2014