HTTP: HP Easy Printer Care ActiveX Control Directory Traversal
This signature detects attempts to exploit a known flaw in HP Easy Printer Care. A remote attacker could exploit this vulnerability by enticing a target user to visit a malicious web page. A successful attack would result in execution of arbitrary attacker code in the security context of the current user running the browser.
Extended Description
HP Easy Printer Care Software running on Windows is prone to a remote code-execution vulnerability. An attacker could exploit this issue to write arbitrary data to a local file and execute that data in the context of the application using the affected control (typically Internet Explorer). HP Easy Printer Care Software 2.5 and prior versions are vulnerable.
Affected Products
Hp easy_printer_care_software
Short Name
HTTP:STC:ACTIVEX:HP-EASY-XML
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2011-4786 Care Control Directory Easy HP Printer Traversal bid:51396
Release Date
01/24/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Hp
CVSS Score
9.3