CVE-2014-7892

Published: Mar 9, 2015Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508.

Affected (1)

Products: Hp: Ole Point Of Sale Driver

1 product

Ole Point Of Sale Driver

Configuration A

1 vulnerable · 7 platform

Vulnerable Software	Affected Versions
Hp Ole Point Of Sale Driver	Up to 1.13.001

Running on/with	Platform Versions
Hp Integrated Single Head Msr W/o Sred J1a33aa	All versions
Hp Integrated Single Head W/o Msr Sred J1a34aa	All versions
Hp Mini Msr Fk186aa	All versions
Hp Pos Keyboard Fk221aa	All versions
Hp Pos Keyboard With Msr Fk218aa	All versions
Hp Retail Integrated Dual Head Msr Qz673aa	All versions
Hp Rp7 Single Head Msr W/o Sred K1k15aa	All versions

References (4)

http://www.securitytracker.com/id/1031840

Source: hp-security-alert@hp.com

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185

Source: hp-security-alert@hp.com

Vendor Advisory

http://www.securitytracker.com/id/1031840

Source: af854a3a-2127-422b-91ae-364da2661108

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.