Remote Code Execution Vulnerability in HP Point of Sale OLE Drivers
CVE-2014-7892

Currently unrated

Key Information:

Vendor: HP
Status: Ole Point Of Sale Driver
Vendor: CVE Published:; 9 March 2015

What is CVE-2014-7892?

The OLE Point of Sale (OPOS) drivers for HP Point of Sale systems prior to version 1.13.003 are susceptible to vulnerabilities that enable remote attackers to execute arbitrary code. This exploitation can occur through various interfaces, including OPOSMSR.ocx, affecting multiple magnetic stripe readers and POS keyboards. Attackers can leverage these flaws to compromise system integrity and execute unauthorized commands, posing significant security risks to affected installations.

References

http://www.securitytracker.com/id/1031840

vdb-entryx_refsource_SECTRACK

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/doc...

vendor-advisoryx_refsource_HP

EPSS Score

46% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 9, 2015
Vulnerability Reserved
Oct 6, 2014