Lucene search
Andrea Micalizzi aka rgodZDI-11-261HistoryAug 16, 2011 - 12:00 a.m.
HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability
2011-08-1600:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
16
0.826 High
EPSS
Percentile
98.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLSimpleAccessor class ActiveX control (CLSID 466576F3-19B6-4FF1-BD48-3E0E1BFB96E9). The SaveXML() method is vulnerable to directory traversal, which allows an attacker to write arbitrary content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser.
Related
saint
saint
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
[security bulletin] HPSBPI02698 SSRT100404 rev.1 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code
2011-08-12 00:00:00
ZDI-11-261: HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability
2011-08-17 00:00:00
HP Easy Printer Care Software ActiveX unauthorized access
2012-01-16 00:00:00
packetstorm
packetstorm
d2
d2
DSquare Exploit Pack: D2SEC_HPEASY
2011-08-11 22:55:00
nessus
nessus
MS11-090: Cumulative Security Update of ActiveX Kill Bits (2618451)
2011-12-13 00:00:00
cvelist
cvelist
cve
cve
prion
prion
Design/Logic Flaw
2012-01-12 19:55:00
Design/Logic Flaw
2012-01-12 19:55:00
Design/Logic Flaw
2011-08-11 22:55:00
nvd
nvd
