Описание
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Exploit
- Vendor Advisory
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:hp:pml_driver_hpz12:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:h:hp:color_laserjet_4650:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:officejet_4100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:officejet_5100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:officejet_5500:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:officejet_6100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:officejet_7100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:officejet_d:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:officejet_g:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:officejet_k:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:psc_1100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:psc_1200:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:psc_1210_all-in-one:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:psc_1300:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:psc_2100:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:psc_2200:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:psc_2400_photosmart_all-in-one:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:psc_2500_photosmart_all-in-one:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:psc_2510_photosmart:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:psc_700:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:psc_900:*:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00158
Низкий
4.1 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
EPSS
Процентиль: 37%
0.00158
Низкий
4.1 Medium
CVSS2
Дефекты
NVD-CWE-Other