Primary

Context

InsydeH2O Tools Buffer Overflow Vulnerability in H2OFFT64.sys

Vulnerability

Patched

A buffer overflow vulnerability has been identified in the InsydeH2O tools, specifically in the H2OFFT64.sys driver. This vulnerability arises because the driver uses the RTL_QUERY_REGISTRY_DIRECT flag to read a registry value, which an untrusted user-mode application may exploit to cause a buffer overflow.

Impact

Exploitation of this vulnerability could lead to a buffer overflow, allowing for potential arbitrary code execution or causing a crash.

Remediation

Users are advised to update to version 200.02.01.00 or newer. For those using HP tools, the following versions should be used: HP FlashWin 6.51.00, HP Readback tool 1.2.4.0, HP FlashVerifyUtility 6.2.5.0, or HP IsSecureBootKeyInstaller 1.2.0.2.

Added: Jan 14, 2026, 2:20 AM

Updated: Jan 14, 2026, 2:20 AM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

7.5

exploitability

3.3

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

7.5

exploitability

3.3

remediation

7.7

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

InsydeH2O Tools Buffer Overflow Vulnerability in H2OFFT64.sys

Vulnerability

Impact

Remediation

Affected Products

InsydeH2O

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating