CVE-2014-7892 — HIGH (10.0)

Q: How severe is CVE-2014-7892?

CVE-2014-7892 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-7892?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Ole Point Of Sale Driver, Hp Integrated Single Head Msr W\/O Sred J1A33Aa, Hp Integrated Single Head W\/O Msr Sred J1A34Aa, Hp Mini Msr Fk186Aa, Hp Pos Keyboard Fk221Aa.

Vulnerability Description

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Hp	Ole Point Of Sale Driver	<= 1.13.001
Hp	Integrated Single Head Msr W\/O Sred J1A33Aa	All versions
Hp	Integrated Single Head W\/O Msr Sred J1A34Aa	All versions
Hp	Mini Msr Fk186Aa	All versions
Hp	Pos Keyboard Fk221Aa	-
Hp	Pos Keyboard With Msr Fk218Aa	-
Hp	Retail Integrated Dual-Head Msr Qz673Aa	All versions
Hp	Rp7 Single Head Msr W\/O Sred K1K15Aa	All versions

References

FAQ

What is CVE-2014-7892?

CVE-2014-7892 is a vulnerability with a CVSS score of 10.0 (HIGH). The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe rea...

How severe is CVE-2014-7892?

CVE-2014-7892 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-7892?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Ole Point Of Sale Driver, Hp Integrated Single Head Msr W\/O Sred J1A33Aa, Hp Integrated Single Head W\/O Msr Sred J1A34Aa, Hp Mini Msr Fk186Aa, Hp Pos Keyboard Fk221Aa.