Hewlett-Packard acknowledged this week that software used to control two of its color printers could be exploited by attackers to remotely steal files from Windows PCs.
The bug, which Danish vulnerability tracker Secunia dubbed "less critical," affects the Toolbox software included with the Color LaserJet 2500 and Color LaserJet 4600. In its default configuration, the Toolbox -- which lets users remotely monitor the status of a connected printer -- could allow an attacker to hack into jacked-in computers, then read any file on the hard disk.
HP'sadvisory links to an update to the Toolbox that patches the bug.
"A vulnerability like this opens the door for hackers to spy on your sensitive information," said Graham Cluley, a senior technology consultant at U.K. security company Sophos. "Users running the affected software should upgrade as soon as possible."
Many of HP's business-class printers come with similar software -- which installs an HTTP server on the connected PC -- for remotely changing printer settings, receiving alerts (such as paper jams), and monitoring the amount of remaining toner.