Credit:
The information has been provided by Andrea Micalizzi.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-11-261/
Vulnerable Systems:
* HP Easy Printer Care
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the XMLSimpleAccessor class ActiveX control (CLSID 466576F3-19B6-4FF1-BD48-3E0E1BFB96E9). The SaveXML() method is vulnerable to directory traversal, which allows an attacker to write arbitrary content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser.
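To audit a Windows host for the control described above, the following PowerShell is an added example, not part of the advisory or of HP's workaround document. It looks up the CLSID given in the advisory and reports whether Internet Explorer's kill bit is set for it; the kill bit (Compatibility Flags value 0x400) is the general Internet Explorer mechanism for blocking an ActiveX control and is assumed here rather than taken from this page.

```powershell
# Added example: is the XMLSimpleAccessor control registered, and is it kill-bitted?
$Clsid   = '{466576F3-19B6-4FF1-BD48-3E0E1BFB96E9}'  # CLSID quoted in the advisory
$KillBit = 0x400   # assumption: standard IE kill-bit value in "Compatibility Flags"
# COM registrations may sit in the native or 32-bit (WOW6432Node) view, or per user.
$classRoots = 'HKLM:\SOFTWARE\Classes\CLSID',
              'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
              'HKCU:\SOFTWARE\Classes\CLSID'
# 32-bit Internet Explorer on 64-bit Windows reads the WOW6432Node copy of this key.
$compatRoots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-ControlRegistration {
    param([string]$Clsid, [string[]]$Roots)
    foreach ($root in $Roots) {
        $key = Join-Path $root $Clsid
        if (Test-Path -LiteralPath $key) {
            # The default value of InprocServer32 is the DLL implementing the control.
            $inproc = Get-ItemProperty -LiteralPath (Join-Path $key 'InprocServer32') `
                                       -ErrorAction SilentlyContinue
            [pscustomobject]@{ Key = $key; Server = $inproc.'(default)' }
        }
    }
}

function Get-KillBitState {
    param([string]$Clsid, [string[]]$Roots, [int]$KillBit)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }  # view absent on this OS
        $key   = Join-Path $root $Clsid
        $entry = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                                  -ErrorAction SilentlyContinue
        $flags = $entry.'Compatibility Flags'   # $null when the key or value is missing
        [pscustomobject]@{
            Key        = $key
            Flags      = if ($null -ne $flags) { '0x{0:X}' -f $flags } else { 'not set' }
            KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        }
    }
}

$registered = @(Get-ControlRegistration -Clsid $Clsid -Roots $classRoots)
$killBits   = @(Get-KillBitState -Clsid $Clsid -Roots $compatRoots -KillBit $KillBit)
if ($registered.Count -eq 0) { 'Control is not registered on this host.' }
else { $registered | Format-List; $killBits | Format-List }
```

A host that lists a registration and shows `KillBitSet : False` in any view can still load the control in Internet Explorer; HP's document linked under Workaround remains the vendor's guidance.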
Workaround:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02949847
CVE Information:
CVE-2011-2404
Disclosure Timeline:
2011-02-17 - Vulnerability reported to vendor
2011-08-16 - Coordinated public release of advisory