ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-014 January 12, 2012 - -- CVE ID: CVE-2011-4787 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -...

Design/Logic Flaw

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787...

CVE-2011-4787

CVE-2011-4787 concerns a vulnerability in HP Easy Printer Care Software prior to or including version 2.5, specifically an ActiveX control in HPTicketMgr.dll. The description states that this control allows remote attackers to download an arbitrary program onto a client machine and execute it via...

Design/Logic Flaw

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787...