SAINT CorporationSAINT:05C5D15CCBF7795757186166A10CD420HP Easy Printer Care Software HPTicketMgr.dll ActiveX Control Remote Code Execution
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.825 High
EPSS
Percentile
98.1%
Added: 08/29/2011
CVE: CVE-2011-2404
BID: 49100
OSVDB: 74510
Background
HP Easy Printer Care Software is a tool to control and monitor up to 20 HP printers.
Problem
HP Easy Printer Care Software **HPTicketMgr.dll** is vulnerable to directory traversal due to insufficient input validation by the **HPTicketMgr.dll** ActiveX control. A remote attacker could exploit this vulnerability by enticing a target user to view a maliciously crafted web page, thereby allowing the attacker to overwrite arbitrary files on the target computer with arbitrary content, which could lead to code execution.
Resolution
HP has discontinued this product and therefore has no patch or upgrade that fixes this problem. An alternate software package should be used.
References
<http://www.zerodayinitiative.com/advisories/ZDI-11-261/>
<http://packetstormsecurity.org/files/103861>
Limitations
Exploit works on HP Easy Printer Care 2.5.5.165 and the target user must open the exploit file in Internet Explorer.
To open the shell connection, the target machine must reboot after the exploit script runs.
Platforms
Windows
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.825 High
EPSS
Percentile
98.1%