CVE-2011-4786 (GCVE-0-2011-4786)

Vulnerability from cvelistv5

Published

2012-01-12 19:00

Modified

2024-09-17 00:01

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

fkie_cve-2011-4786

Vulnerability from fkie_nvd

Published

2012-01-12 19:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	hp-security-alert@hp.com	http://archives.neohapsis.com/archives/bugtraq/2012-01/0078.html
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2012-01/0078.html

Impacted products

	Vendor	Product	Version
	hp	easy_printer_care_software	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hp:easy_printer_care_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7A3A4C7-4C52-4C71-8CF0-5C8CAB60B796",
              "versionEndIncluding": "2.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787."
    },
    {
      "lang": "es",
      "value": "Un control ActiveX en HPTicketMgr.dll en HP Easy Printer Care Software v2.5 y anteriores permite a atacantes remotos descargar un programa de su elecci\u00f3n en una m\u00e1quina cliente y ejecutar este programa, a trav\u00e9s de vectores de ataque no especificados, una vulnerabilidad diferente de CVE-2011-2404 y CVE-2011-4787."
    }
  ],
  "evaluatorComment": "http://www.zerodayinitiative.com/advisories/ZDI-12-013/\r\n\r\n\"The specific flaw exists within the XMLCacheMgr class ActiveX control (CLSID 6F255F99-6961-48DC-B17E-6E1BCCBC0EE3). The CacheDocumentXMLWithId() method is vulnerable to directory traversal and arbitrary write, which allows an attacker to write malicious content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser.\"",
  "id": "CVE-2011-4786",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-01-12T19:55:00.810",
  "references": [
    {
      "source": "hp-security-alert@hp.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0078.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0078.html"
    }
  ],
  "sourceIdentifier": "hp-security-alert@hp.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2011-4786

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2011-4786

Aliases

CVE-2011-4786

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-4786",
    "description": "A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.",
    "id": "GSD-2011-4786",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2011-4786"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-4786"
      ],
      "details": "A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.",
      "id": "GSD-2011-4786",
      "modified": "2023-12-13T01:19:05.864824Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "hp-security-alert@hp.com",
        "ID": "CVE-2011-4786",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "HPSBPI02698",
            "refsource": "HP",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0078.html"
          },
          {
            "name": "SSRT100404",
            "refsource": "HP",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0078.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:easy_printer_care_software:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2011-4786"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSRT100404",
              "refsource": "HP",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0078.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2019-10-09T23:03Z",
      "publishedDate": "2012-01-12T19:55Z"
    }
  }
}

ghsa-6xww-7r57-hfp7

Vulnerability from github

Published

2022-05-13 01:39

Modified

2022-05-13 01:39

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-4786"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-01-12T19:55:00Z",
    "severity": "HIGH"
  },
  "details": "A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.",
  "id": "GHSA-6xww-7r57-hfp7",
  "modified": "2022-05-13T01:39:25Z",
  "published": "2022-05-13T01:39:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4786"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0078.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the XMLCacheMgr class ActiveX control (CLSID 6F255F99-6961-48DC-B17E-6E1BCCBC0EE3). The CacheDocumentXMLWithId() method is vulnerable to directory traversal and arbitrary write, which allows an attacker to write malicious content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser. An attacker could exploit this issue to write arbitrary data to a local file and execute that data in the context of the application using the affected control (typically Internet Explorer). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02949847 Version: 2

HPSBPI02698 SSRT100404 rev.2 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. The vulnerability can be remotely exploited to write arbitrary files to the system and execute them via the browser.

References: CVE-2011-2404 , ZDI-CAN-1092, CVE-2011-4786, ZDI-CAN-1093, CVE-2011-4787, ZDI-CAN-1117

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This Windows software could be used in conjunction with the following Laser Jet and Color Laser Jet printer models:

Laser Jet P1005 / P1006 / P1007 / P1008 Laser Jet 1010 / 1012 / 1015 Laser Jet P1102 / P1102w Laser Jet M1120 / M1120n Laser Jet Pro M1132 / M1134 / M1136 / M1137 / M1138 / M1139 Laser Jet 1150 Laser Jet 1160 Laser Jet Pro M1212nf / M1213nf / N1214nfh / M1216nfh / M1217nfw / M1219nf Laser Jet 1300 Laser Jet 1320 Laser Jet P1505 Laser Jet 2100 Laser Jet 2200 Laser Jet 2300 / 2300L Laser Jet 2410 / 2420 / 2430 Laser Jet 3015 All-in-one Laser Jet 3020/3030 All-in-one Laser Jet 3050Z All-in-one Laser Jet 3380 All-in-one Laser Jet M3035mfp Laser Jet 4000 Laser Jet 4050 Laser Jet 4100 Laser Jet 4100mfp Laser Jet 4200 / 4240 / 4250 Laser Jet 4300 / 4350 Laser Jet M4345mfp Laser Jet 4345mfp Laser Jet 5000 Laser Jet M5035mfp Laser Jet 5100 Laser Jet 5200 / Laser Jet 5200L Laser Jet 8000 Laser Jet 8000mfp Laser Jet 8100 / 8150 Laser Jet 9000 Laser Jet 9000mfp / 9000Lmfp Laser Jet 9040 / 9050 Laser Jet 9040mfp / 9050mfp / 9055mfp / 9065mfp Color Laser Jet CP 1215 / 1217 Color Laser Jet CP 1514n / 1515n / 1518ni Color Laser Jet 2500 Color Laser Jet 2550 Color Laser Jet 2820 / 2840 All-in-one Color Laser Jet 3000 Color Laser Jet 3500 / 3550 Color Laser Jet 3600 Color Laser Jet 3700 Color Laser Jet 3800 Color Laser Jet4500 Color Laser Jet 4550 Color Laser Jet 4600 / 4610 / 4650 Color Laser Jet 4700 Color Laser Jet 4730mfp Color Laser Jet 5500 / 5550 Color Laser Jet 8500 Color Laser Jet 8550 Color Laser Jet 9500 Color Laser Jet 9500mfp

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2011-2404 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-4786 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-4787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP Easy Printer Care Software v2.5 and earlier for Windows XP and Vista is no longer available from HP.

HP Recommends this software be uninstalled from the system as soon as possible. The kill bit is set by modifying the data value of the Compatibility Flags DWORD value for the CLSID of this ActiveX control to 0x00000400. This is explained in Microsoft's article KB240797 or subsequent. http://support.microsoft.com/kb/240797

HISTORY Version:1 (rev.1) - 8 August 2011 Initial release Version:2 (rev.2) - 11 Jan 2012 Added additional ZDI issues impacted in Easy Printer Care

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk8ODhAACgkQ4B86/C0qfVm6dwCfQLt0J9NhagY3TShIE2wi8ORc N+YAoKipdhM6KpyCOvQuHtSEFXGowR5M =1Ant -----END PGP SIGNATURE----- .

-- Vendor Response:

Hewlett-Packard has issued an update to correct this vulnerability. More details can be found at:

http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02949847

-- Disclosure Timeline: 2011-04-01 - Vulnerability reported to vendor

2012-01-12 - Coordinated public release of advisory

-- Credit: This vulnerability was discovered by:
Andrea Micalizzi aka rgod
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0274",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "easy printer care software",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "hp",
        "version": "2.5"
      },
      {
        "model": "easy printer care software",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "hp",
        "version": "2.5"
      },
      {
        "model": "hp easy printer care",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "2.5"
      },
      {
        "model": "easy printer care",
        "scope": null,
        "trust": 0.7,
        "vendor": "hewlett packard",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-12-013"
      },
      {
        "db": "BID",
        "id": "51396"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-140"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4786"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:hp:easy_printer_care_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001051"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Andrea Micalizzi aka rgod",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-12-013"
      },
      {
        "db": "BID",
        "id": "51396"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2011-4786",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-4786",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-4786",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-52731",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-4786",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-4786",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2011-4786",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201201-140",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-52731",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-12-013"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52731"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001051"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-140"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4786"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the XMLCacheMgr class ActiveX control (CLSID 6F255F99-6961-48DC-B17E-6E1BCCBC0EE3). The CacheDocumentXMLWithId() method is vulnerable to directory traversal and arbitrary write, which allows an attacker to write malicious content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser. \nAn attacker could exploit this issue to write arbitrary data to a local  file and execute that data in the context of the application using the  affected control (typically Internet Explorer). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02949847\nVersion: 2\n\nHPSBPI02698 SSRT100404 rev.2 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. The vulnerability can be remotely exploited to write arbitrary files to the system and execute them via the browser. \n\nReferences: CVE-2011-2404 , ZDI-CAN-1092, CVE-2011-4786, ZDI-CAN-1093, CVE-2011-4787, ZDI-CAN-1117\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This Windows software could be used in conjunction with the following Laser Jet and Color Laser Jet printer models:\n\nLaser Jet P1005 / P1006 / P1007 / P1008\nLaser Jet 1010 / 1012 / 1015\nLaser Jet P1102 / P1102w\nLaser Jet M1120 / M1120n\nLaser Jet Pro M1132 / M1134 / M1136 / M1137 / M1138 / M1139\nLaser Jet 1150\nLaser Jet 1160\nLaser Jet Pro M1212nf / M1213nf / N1214nfh / M1216nfh / M1217nfw / M1219nf\nLaser Jet 1300\nLaser Jet 1320\nLaser Jet P1505\nLaser Jet 2100\nLaser Jet 2200\nLaser Jet 2300 / 2300L\nLaser Jet 2410 / 2420 / 2430\nLaser Jet 3015 All-in-one\nLaser Jet 3020/3030 All-in-one\nLaser Jet 3050Z All-in-one\nLaser Jet 3380 All-in-one\nLaser Jet M3035mfp\nLaser Jet 4000\nLaser Jet 4050\nLaser Jet 4100\nLaser Jet 4100mfp\nLaser Jet 4200 / 4240 / 4250\nLaser Jet 4300 / 4350\nLaser Jet M4345mfp\nLaser Jet 4345mfp\nLaser Jet 5000\nLaser Jet M5035mfp\nLaser Jet 5100\nLaser Jet 5200 / Laser Jet 5200L\nLaser Jet 8000\nLaser Jet 8000mfp\nLaser Jet 8100 / 8150\nLaser Jet 9000\nLaser Jet 9000mfp / 9000Lmfp\nLaser Jet 9040 / 9050\nLaser Jet 9040mfp / 9050mfp / 9055mfp / 9065mfp\nColor Laser Jet CP 1215 / 1217\nColor Laser Jet CP 1514n / 1515n / 1518ni\nColor Laser Jet 2500\nColor Laser Jet 2550\nColor Laser Jet 2820 / 2840 All-in-one\nColor Laser Jet 3000*\nColor Laser Jet 3500 / 3550\nColor Laser Jet 3600\nColor Laser Jet 3700\nColor Laser Jet 3800*\nColor Laser Jet4500\nColor Laser Jet 4550\nColor Laser Jet 4600 / 4610 / 4650\nColor Laser Jet 4700*\nColor Laser Jet 4730mfp*\nColor Laser Jet 5500 / 5550\nColor Laser Jet 8500\nColor Laser Jet 8550\nColor Laser Jet 9500\nColor Laser Jet 9500mfp\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2011-2404    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2011-4786    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\nCVE-2011-4787    (AV:N/AC:L/Au:N/C:P/I:P/A:P)       7.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP Easy Printer Care Software v2.5 and earlier for Windows XP and Vista is no longer available from HP. \n\nHP Recommends this software be uninstalled from the system as soon as possible. The kill bit is set by modifying the data value of the Compatibility Flags DWORD value for the CLSID of this ActiveX control to 0x00000400. This is explained in Microsoft\u0027s article KB240797 or subsequent. http://support.microsoft.com/kb/240797\n\nHISTORY\nVersion:1 (rev.1) - 8 August 2011 Initial release\nVersion:2 (rev.2) - 11 Jan 2012 Added additional ZDI issues impacted in Easy Printer Care\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel.  For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk8ODhAACgkQ4B86/C0qfVm6dwCfQLt0J9NhagY3TShIE2wi8ORc\nN+YAoKipdhM6KpyCOvQuHtSEFXGowR5M\n=1Ant\n-----END PGP SIGNATURE-----\n. \n\n- -- Vendor Response:\n\nHewlett-Packard has issued an update to correct this vulnerability. More\ndetails can be found at:\n\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02949847\n\n\n\n\n- -- Disclosure Timeline:\n2011-04-01 - Vulnerability reported to vendor\n\n2012-01-12 - Coordinated public release of advisory\n\n\n\n- -- Credit:\nThis vulnerability was discovered by:\n\n* Andrea Micalizzi aka rgod\n\n\n\n- -- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n    http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4786"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001051"
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-013"
      },
      {
        "db": "BID",
        "id": "51396"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52731"
      },
      {
        "db": "PACKETSTORM",
        "id": "108618"
      },
      {
        "db": "PACKETSTORM",
        "id": "108632"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-52731",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52731"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4786",
        "trust": 3.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-12-013",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001051",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1093",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-140",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "51396",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "108632",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-72499",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "108769",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "18381",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-52731",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "108618",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-12-013"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52731"
      },
      {
        "db": "BID",
        "id": "51396"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001051"
      },
      {
        "db": "PACKETSTORM",
        "id": "108618"
      },
      {
        "db": "PACKETSTORM",
        "id": "108632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-140"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4786"
      }
    ]
  },
  "id": "VAR-201201-0274",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52731"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:42:08.203000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBPI02698 SSRT100404",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02949847"
      },
      {
        "title": "Hewlett-Packard has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02949847"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-12-013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001051"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52731"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001051"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4786"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0078.html"
      },
      {
        "trust": 0.8,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02949847"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4786"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4786"
      },
      {
        "trust": 0.3,
        "url": "http://h20271.www2.hp.com/smb-ap/cache/470575-0-0-190-121.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-12-013/"
      },
      {
        "trust": 0.3,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02949847\u0026ac.admitted=1326398703011.876444892.199480143"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4786"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2404"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "http://support.microsoft.com/kb/240797"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4787"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
      },
      {
        "trust": 0.1,
        "url": "http://twitter.com/thezdi"
      },
      {
        "trust": 0.1,
        "url": "http://www.tippingpoint.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-12-013"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-12-013"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52731"
      },
      {
        "db": "BID",
        "id": "51396"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001051"
      },
      {
        "db": "PACKETSTORM",
        "id": "108618"
      },
      {
        "db": "PACKETSTORM",
        "id": "108632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-140"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4786"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-12-013"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52731"
      },
      {
        "db": "BID",
        "id": "51396"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001051"
      },
      {
        "db": "PACKETSTORM",
        "id": "108618"
      },
      {
        "db": "PACKETSTORM",
        "id": "108632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-140"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4786"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-01-12T00:00:00",
        "db": "ZDI",
        "id": "ZDI-12-013"
      },
      {
        "date": "2012-01-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52731"
      },
      {
        "date": "2012-01-12T00:00:00",
        "db": "BID",
        "id": "51396"
      },
      {
        "date": "2012-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001051"
      },
      {
        "date": "2012-01-13T01:46:57",
        "db": "PACKETSTORM",
        "id": "108618"
      },
      {
        "date": "2012-01-13T02:07:33",
        "db": "PACKETSTORM",
        "id": "108632"
      },
      {
        "date": "2012-01-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201201-140"
      },
      {
        "date": "2012-01-12T19:55:00.810000",
        "db": "NVD",
        "id": "CVE-2011-4786"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-01-12T00:00:00",
        "db": "ZDI",
        "id": "ZDI-12-013"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52731"
      },
      {
        "date": "2012-01-18T07:10:00",
        "db": "BID",
        "id": "51396"
      },
      {
        "date": "2012-01-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001051"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201201-140"
      },
      {
        "date": "2024-11-21T01:33:00.103000",
        "db": "NVD",
        "id": "CVE-2011-4786"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "108632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-140"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP Easy Printer Care Software Vulnerable to downloading arbitrary programs",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001051"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201201-140"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-4786 (GCVE-0-2011-4786)

Vulnerability from cvelistv5

fkie_cve-2011-4786

Vulnerability from fkie_nvd

gsd-2011-4786

Vulnerability from gsd

ghsa-6xww-7r57-hfp7

Vulnerability from github

var-201201-0274

Vulnerability from variot

CVSS 2.0 Base Metrics

Tags

Sightings

Nomenclature