Computer Security
[EN] securityvulns.ru no-pyccku


Hewlett Packard multiple printers privilege escalation
Published:09.01.2007
Source:
SecurityVulns ID:7022
Type:local
Threat Level:
7/10
Description:Local user have full access to printer service "PML Driver HPZ12" thorugh service manager, making it possible to configure any executable to be run with local system privileges.
Affected:HP : HP PSC 700
 HP : HP PSC 900
 HP : HP PSC 1100
 HP : HP PSC 1200
 HP : HP PSC 1300
 HP : HP PSC 2100
 HP : HP PSC 2200
 HP : HP PSC 2400
 HP : HP PSC 2500
 HP : HP Officejet D
 HP : HP Officejet G
 HP : HP Officejet K
 HP : HP Officejet 4100
 HP : HP Officejet 5100
 HP : HP Officejet 5500
 HP : HP Officejet 6100
 HP : Officejet 7100
 HP : LaserJet 4650
CVE:CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.)
Original documentdocumentSowhat ., HP Multiple Products PML Driver Local Privilege Escalation (09.01.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod