CVE-2014-7889
Summary
| CVE | CVE-2014-7889 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-03-09 17:59:00 UTC |
| Updated | 2019-10-09 23:12:00 UTC |
| Description | The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Customer Display monitors, Retail Integrated 2x20 Display monitors, Retail Integrated 2x20 Complex monitors, POS Pole Display monitors, Graphical POS Pole Display monitors, and LCD Pole Display monitors, aka ZDI-CAN-2511. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Hp | Graphical Pos Pole Display Qz704aa | All | All | All | All |
| Hardware | Hp | Graphical Pos Pole Display Qz704aa | All | All | All | All |
| Hardware | Hp | Lcd Pole Display F7a93aa | All | All | All | All |
| Hardware | Hp | Lcd Pole Display F7a93aa | All | All | All | All |
| Application | Hp | Ole Point Of Sale Driver | All | All | All | All |
| Hardware | Hp | Pos Pole Display Fk225aa | All | All | All | All |
| Hardware | Hp | Pos Pole Display Fk225aa | All | All | All | All |
| Hardware | Hp | Retail Integrated 2x20 Complex G7g29aa | All | All | All | All |
| Hardware | Hp | Retail Integrated 2x20 Complex G7g29aa | All | All | All | All |
| Hardware | Hp | Retail Integrated 2x20 Display G6u79aa | All | All | All | All |
| Hardware | Hp | Retail Integrated 2x20 Display G6u79aa | All | All | All | All |
| Hardware | Hp | Retail Rp7 Vfd Customer Display Qz701aa | All | All | All | All |
| Hardware | Hp | Retail Rp7 Vfd Customer Display Qz701aa | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SSRT101695 | HP | h20564.www2.hp.com | Vendor Advisory |
| HP Point of Sale PCs Have Unspecified Bugs That Let Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.