var-201108-0085
Vulnerability from variot
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the XMLSimpleAccessor class ActiveX control (CLSID 466576F3-19B6-4FF1-BD48-3E0E1BFB96E9). The SaveXML() method is vulnerable to directory traversal, which allows an attacker to write arbitrary content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser. Successfully exploiting this issue allows an attacker to execute arbitrary code in the context of the application running the affected control (typically Internet Explorer). ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242
TITLE: HP Easy Printer Care HPTicketMgr ActiveX Control "SaveXML()" Insecure Method
SECUNIA ADVISORY ID: SA45676
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45676/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45676
RELEASE DATE: 2011-08-23
DISCUSS ADVISORY: http://secunia.com/advisories/45676/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/45676/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45676
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in HP Easy Printer Care Software, which can be exploited by malicious people to compromise a user' system.
The vulnerability is caused due an input validation error in the "SaveXML()" method of the XMLSimpleAccessor class (HPTicketMgr.dll). tricking a user into visiting a specially crafted website.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 2.5 and prior bundling HPTicketMgr.dll.
PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi aka rgod via ZDI.
ORIGINAL ADVISORY: HPSBPI02698 SSRT100404: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02949847
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-261/
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02949847 Version: 2
HPSBPI02698 SSRT100404 rev.2 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References: CVE-2011-2404 , ZDI-CAN-1092, CVE-2011-4786, ZDI-CAN-1093, CVE-2011-4787, ZDI-CAN-1117
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This Windows software could be used in conjunction with the following Laser Jet and Color Laser Jet printer models:
Laser Jet P1005 / P1006 / P1007 / P1008 Laser Jet 1010 / 1012 / 1015 Laser Jet P1102 / P1102w Laser Jet M1120 / M1120n Laser Jet Pro M1132 / M1134 / M1136 / M1137 / M1138 / M1139 Laser Jet 1150 Laser Jet 1160 Laser Jet Pro M1212nf / M1213nf / N1214nfh / M1216nfh / M1217nfw / M1219nf Laser Jet 1300 Laser Jet 1320 Laser Jet P1505 Laser Jet 2100 Laser Jet 2200 Laser Jet 2300 / 2300L Laser Jet 2410 / 2420 / 2430 Laser Jet 3015 All-in-one Laser Jet 3020/3030 All-in-one Laser Jet 3050Z All-in-one Laser Jet 3380 All-in-one Laser Jet M3035mfp Laser Jet 4000 Laser Jet 4050 Laser Jet 4100 Laser Jet 4100mfp Laser Jet 4200 / 4240 / 4250 Laser Jet 4300 / 4350 Laser Jet M4345mfp Laser Jet 4345mfp Laser Jet 5000 Laser Jet M5035mfp Laser Jet 5100 Laser Jet 5200 / Laser Jet 5200L Laser Jet 8000 Laser Jet 8000mfp Laser Jet 8100 / 8150 Laser Jet 9000 Laser Jet 9000mfp / 9000Lmfp Laser Jet 9040 / 9050 Laser Jet 9040mfp / 9050mfp / 9055mfp / 9065mfp Color Laser Jet CP 1215 / 1217 Color Laser Jet CP 1514n / 1515n / 1518ni Color Laser Jet 2500 Color Laser Jet 2550 Color Laser Jet 2820 / 2840 All-in-one Color Laser Jet 3000 Color Laser Jet 3500 / 3550 Color Laser Jet 3600 Color Laser Jet 3700 Color Laser Jet 3800 Color Laser Jet4500 Color Laser Jet 4550 Color Laser Jet 4600 / 4610 / 4650 Color Laser Jet 4700 Color Laser Jet 4730mfp Color Laser Jet 5500 / 5550 Color Laser Jet 8500 Color Laser Jet 8550 Color Laser Jet 9500 Color Laser Jet 9500mfp
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-2404 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-4786 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-4787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP Easy Printer Care Software v2.5 and earlier for Windows XP and Vista is no longer available from HP.
HP Recommends this software be uninstalled from the system as soon as possible. The kill bit is set by modifying the data value of the Compatibility Flags DWORD value for the CLSID of this ActiveX control to 0x00000400. This is explained in Microsoft's article KB240797 or subsequent. http://support.microsoft.com/kb/240797
HISTORY Version:1 (rev.1) - 8 August 2011 Initial release Version:2 (rev.2) - 11 Jan 2012 Added additional ZDI issues impacted in Easy Printer Care
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk8ODhAACgkQ4B86/C0qfVm6dwCfQLt0J9NhagY3TShIE2wi8ORc N+YAoKipdhM6KpyCOvQuHtSEFXGowR5M =1Ant -----END PGP SIGNATURE----- . URL (no login required): http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c0294 9847
-- Disclosure Timeline: 2011-02-17 - Vulnerability reported to vendor 2011-08-16 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by: * Andrea Micalizzi aka rgod
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter: http://twitter.com/thezdi
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "easy printer care software",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "2.5"
},
{
"_id": null,
"model": "easy printer care software",
"scope": "eq",
"trust": 0.9,
"vendor": "hp",
"version": "2.5"
},
{
"_id": null,
"model": "hp easy printer care",
"scope": "lte",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "2.5"
},
{
"_id": null,
"model": "easy printer care",
"scope": null,
"trust": 0.7,
"vendor": "hewlett packard",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-261"
},
{
"db": "BID",
"id": "49100"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004700"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-200"
},
{
"db": "NVD",
"id": "CVE-2011-2404"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hp:easy_printer_care_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004700"
}
]
},
"credits": {
"_id": null,
"data": "HP",
"sources": [
{
"db": "BID",
"id": "49100"
},
{
"db": "PACKETSTORM",
"id": "103861"
},
{
"db": "PACKETSTORM",
"id": "108618"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-199"
}
],
"trust": 1.1
},
"cve": "CVE-2011-2404",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2011-2404",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 2.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-50349",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-2404",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-2404",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2011-2404",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201108-200",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-50349",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-261"
},
{
"db": "VULHUB",
"id": "VHN-50349"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004700"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-200"
},
{
"db": "NVD",
"id": "CVE-2011-2404"
}
]
},
"description": {
"_id": null,
"data": "A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the XMLSimpleAccessor class ActiveX control (CLSID 466576F3-19B6-4FF1-BD48-3E0E1BFB96E9). The SaveXML() method is vulnerable to directory traversal, which allows an attacker to write arbitrary content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser. \nSuccessfully exploiting this issue allows an attacker to execute arbitrary code in the context of the application running the affected control (typically Internet Explorer). ----------------------------------------------------------------------\n\nThe Secunia CSI 5.0 Beta - now available for testing\nFind out more, take a free test drive, and share your opinion with us: \nhttp://secunia.com/blog/242 \n\n----------------------------------------------------------------------\n\nTITLE:\nHP Easy Printer Care HPTicketMgr ActiveX Control \"SaveXML()\" Insecure\nMethod\n\nSECUNIA ADVISORY ID:\nSA45676\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45676/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45676\n\nRELEASE DATE:\n2011-08-23\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45676/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45676/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45676\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in HP Easy Printer Care Software,\nwhich can be exploited by malicious people to compromise a user\u0027\nsystem. \n\nThe vulnerability is caused due an input validation error in the\n\"SaveXML()\" method of the XMLSimpleAccessor class (HPTicketMgr.dll). tricking a user into visiting a specially\ncrafted website. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in version 2.5 and prior bundling\nHPTicketMgr.dll. \n\nPROVIDED AND/OR DISCOVERED BY:\nAndrea Micalizzi aka rgod via ZDI. \n\nORIGINAL ADVISORY:\nHPSBPI02698 SSRT100404:\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02949847\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-261/\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02949847\nVersion: 2\n\nHPSBPI02698 SSRT100404 rev.2 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nReferences: CVE-2011-2404 , ZDI-CAN-1092, CVE-2011-4786, ZDI-CAN-1093, CVE-2011-4787, ZDI-CAN-1117\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This Windows software could be used in conjunction with the following Laser Jet and Color Laser Jet printer models:\n\nLaser Jet P1005 / P1006 / P1007 / P1008\nLaser Jet 1010 / 1012 / 1015\nLaser Jet P1102 / P1102w\nLaser Jet M1120 / M1120n\nLaser Jet Pro M1132 / M1134 / M1136 / M1137 / M1138 / M1139\nLaser Jet 1150\nLaser Jet 1160\nLaser Jet Pro M1212nf / M1213nf / N1214nfh / M1216nfh / M1217nfw / M1219nf\nLaser Jet 1300\nLaser Jet 1320\nLaser Jet P1505\nLaser Jet 2100\nLaser Jet 2200\nLaser Jet 2300 / 2300L\nLaser Jet 2410 / 2420 / 2430\nLaser Jet 3015 All-in-one\nLaser Jet 3020/3030 All-in-one\nLaser Jet 3050Z All-in-one\nLaser Jet 3380 All-in-one\nLaser Jet M3035mfp\nLaser Jet 4000\nLaser Jet 4050\nLaser Jet 4100\nLaser Jet 4100mfp\nLaser Jet 4200 / 4240 / 4250\nLaser Jet 4300 / 4350\nLaser Jet M4345mfp\nLaser Jet 4345mfp\nLaser Jet 5000\nLaser Jet M5035mfp\nLaser Jet 5100\nLaser Jet 5200 / Laser Jet 5200L\nLaser Jet 8000\nLaser Jet 8000mfp\nLaser Jet 8100 / 8150\nLaser Jet 9000\nLaser Jet 9000mfp / 9000Lmfp\nLaser Jet 9040 / 9050\nLaser Jet 9040mfp / 9050mfp / 9055mfp / 9065mfp\nColor Laser Jet CP 1215 / 1217\nColor Laser Jet CP 1514n / 1515n / 1518ni\nColor Laser Jet 2500\nColor Laser Jet 2550\nColor Laser Jet 2820 / 2840 All-in-one\nColor Laser Jet 3000*\nColor Laser Jet 3500 / 3550\nColor Laser Jet 3600\nColor Laser Jet 3700\nColor Laser Jet 3800*\nColor Laser Jet4500\nColor Laser Jet 4550\nColor Laser Jet 4600 / 4610 / 4650\nColor Laser Jet 4700*\nColor Laser Jet 4730mfp*\nColor Laser Jet 5500 / 5550\nColor Laser Jet 8500\nColor Laser Jet 8550\nColor Laser Jet 9500\nColor Laser Jet 9500mfp\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-2404 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-4786 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2011-4787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP Easy Printer Care Software v2.5 and earlier for Windows XP and Vista is no longer available from HP. \n\nHP Recommends this software be uninstalled from the system as soon as possible. The kill bit is set by modifying the data value of the Compatibility Flags DWORD value for the CLSID of this ActiveX control to 0x00000400. This is explained in Microsoft\u0027s article KB240797 or subsequent. http://support.microsoft.com/kb/240797\n\nHISTORY\nVersion:1 (rev.1) - 8 August 2011 Initial release\nVersion:2 (rev.2) - 11 Jan 2012 Added additional ZDI issues impacted in Easy Printer Care\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in the title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk8ODhAACgkQ4B86/C0qfVm6dwCfQLt0J9NhagY3TShIE2wi8ORc\nN+YAoKipdhM6KpyCOvQuHtSEFXGowR5M\n=1Ant\n-----END PGP SIGNATURE-----\n. \nURL (no login required):\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c0294\n9847\n\n-- Disclosure Timeline:\n2011-02-17 - Vulnerability reported to vendor\n2011-08-16 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by:\n * Andrea Micalizzi aka rgod\n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n http://twitter.com/thezdi\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-2404"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004700"
},
{
"db": "ZDI",
"id": "ZDI-11-261"
},
{
"db": "BID",
"id": "49100"
},
{
"db": "VULHUB",
"id": "VHN-50349"
},
{
"db": "PACKETSTORM",
"id": "104342"
},
{
"db": "PACKETSTORM",
"id": "103861"
},
{
"db": "PACKETSTORM",
"id": "108618"
},
{
"db": "PACKETSTORM",
"id": "104087"
}
],
"trust": 2.97
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-50349",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-50349"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2011-2404",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-11-261",
"trust": 1.2
},
{
"db": "SREASON",
"id": "8348",
"trust": 1.1
},
{
"db": "SREASON",
"id": "8332",
"trust": 1.1
},
{
"db": "BID",
"id": "49100",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004700",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1092",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201108-200",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201108-199",
"trust": 0.6
},
{
"db": "HP",
"id": "HPSBPI02698",
"trust": 0.6
},
{
"db": "HP",
"id": "SSRT100404",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "17562",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "17597",
"trust": 0.6
},
{
"db": "BID",
"id": "49102",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "104087",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "103861",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "108618",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "45676",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "104267",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-71990",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "17697",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-50349",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "104342",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-261"
},
{
"db": "VULHUB",
"id": "VHN-50349"
},
{
"db": "BID",
"id": "49100"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004700"
},
{
"db": "PACKETSTORM",
"id": "104342"
},
{
"db": "PACKETSTORM",
"id": "103861"
},
{
"db": "PACKETSTORM",
"id": "108618"
},
{
"db": "PACKETSTORM",
"id": "104087"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-199"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-200"
},
{
"db": "NVD",
"id": "CVE-2011-2404"
}
]
},
"id": "VAR-201108-0085",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-50349"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T19:41:30.891000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HPSBPI02698 SSRT100404",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02949847"
},
{
"title": "Title: c02949847 8/8/2011 Printing and Imaging HPSBPI02698 SSRT100404 rev.1- HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary CodeURL (requires login) This URL will be available sometime in the future, if you need to use a no login required link.URL (no login required):http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02949847",
"trust": 0.7,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02949847"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-261"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004700"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-50349"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004700"
},
{
"db": "NVD",
"id": "CVE-2011-2404"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.2,
"url": "http://marc.info/?l=bugtraq\u0026m=131291471508119\u0026w=2"
},
{
"trust": 1.1,
"url": "http://securityreason.com/securityalert/8332"
},
{
"trust": 1.1,
"url": "http://securityreason.com/securityalert/8348"
},
{
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02949847"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2404"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2404"
},
{
"trust": 0.7,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02949847"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/49100"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/49102"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/17562"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/17597"
},
{
"trust": 0.5,
"url": "http://support.microsoft.com/kb/240797"
},
{
"trust": 0.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-11-261/"
},
{
"trust": 0.3,
"url": "http://h20271.www2.hp.com/smb-ap/cache/470575-0-0-190-121.html"
},
{
"trust": 0.3,
"url": "/archive/1/519191"
},
{
"trust": 0.3,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms11-090"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2404"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=131291471508119\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45676"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45676/"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/242"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/45676/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4786"
},
{
"trust": 0.1,
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4787"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
},
{
"trust": 0.1,
"url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c0294"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://twitter.com/thezdi"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-11-261"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-11-261"
},
{
"db": "VULHUB",
"id": "VHN-50349"
},
{
"db": "BID",
"id": "49100"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004700"
},
{
"db": "PACKETSTORM",
"id": "104342"
},
{
"db": "PACKETSTORM",
"id": "103861"
},
{
"db": "PACKETSTORM",
"id": "108618"
},
{
"db": "PACKETSTORM",
"id": "104087"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-199"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-200"
},
{
"db": "NVD",
"id": "CVE-2011-2404"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-11-261",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-50349",
"ident": null
},
{
"db": "BID",
"id": "49100",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004700",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "104342",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "103861",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "108618",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "104087",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201108-199",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201108-200",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2011-2404",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2011-08-16T00:00:00",
"db": "ZDI",
"id": "ZDI-11-261",
"ident": null
},
{
"date": "2011-08-11T00:00:00",
"db": "VULHUB",
"id": "VHN-50349",
"ident": null
},
{
"date": "2011-08-09T00:00:00",
"db": "BID",
"id": "49100",
"ident": null
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004700",
"ident": null
},
{
"date": "2011-08-22T08:49:52",
"db": "PACKETSTORM",
"id": "104342",
"ident": null
},
{
"date": "2011-08-10T04:17:30",
"db": "PACKETSTORM",
"id": "103861",
"ident": null
},
{
"date": "2012-01-13T01:46:57",
"db": "PACKETSTORM",
"id": "108618",
"ident": null
},
{
"date": "2011-08-16T22:22:00",
"db": "PACKETSTORM",
"id": "104087",
"ident": null
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-199",
"ident": null
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-200",
"ident": null
},
{
"date": "2011-08-11T22:55:01.037000",
"db": "NVD",
"id": "CVE-2011-2404",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2011-08-16T00:00:00",
"db": "ZDI",
"id": "ZDI-11-261",
"ident": null
},
{
"date": "2012-01-14T00:00:00",
"db": "VULHUB",
"id": "VHN-50349",
"ident": null
},
{
"date": "2011-12-13T19:38:00",
"db": "BID",
"id": "49100",
"ident": null
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004700",
"ident": null
},
{
"date": "2011-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-199",
"ident": null
},
{
"date": "2011-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201108-200",
"ident": null
},
{
"date": "2024-11-21T01:28:12.647000",
"db": "NVD",
"id": "CVE-2011-2404",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "104087"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-199"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-200"
}
],
"trust": 1.3
},
"title": {
"_id": null,
"data": "HP Easy Printer Care Software \u0027HPTicketMgr.dll\u0027 ActiveX Control Remote Code Execution Vulnerability",
"sources": [
{
"db": "BID",
"id": "49100"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-199"
}
],
"trust": 0.9
},
"type": {
"_id": null,
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201108-199"
},
{
"db": "CNNVD",
"id": "CNNVD-201108-200"
}
],
"trust": 1.2
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.