Credit:
The information has been provided by Andrea Micalizzi aka rgod.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-12-013/
Vulnerable Systems:
* Hewlett-Packard Easy Printer Care
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the XMLCacheMgr class ActiveX control (CLSID 6F255F99-6961-48DC-B17E-6E1BCCBC0EE3). The CacheDocumentXMLWithId() method is vulnerable to directory traversal and arbitrary write, which allows an attacker to write malicious content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser.
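The PowerShell check below is an added example, not part of the advisory or of HP's guidance. It reports whether the control with the CLSID above is registered machine-wide and whether Internet Explorer's kill bit (Compatibility Flags 0x400) is set for it. The function name Get-ActiveXStatus is hypothetical; the registry locations are the standard Windows ones for COM registration and ActiveX compatibility flags, and per-user (HKCU) registrations are not covered.

```powershell
# Added example: audit a host for the XMLCacheMgr ActiveX control named in the advisory.
$Clsid   = '{6F255F99-6961-48DC-B17E-6E1BCCBC0EE3}'  # CLSID taken from the advisory
$KillBit = 0x400                                     # IE "do not load" compatibility flag

function Get-ActiveXStatus {   # hypothetical helper name
    param([string]$Clsid, [string]$SoftwareRoot)

    $classKey  = "$SoftwareRoot\Classes\CLSID\$Clsid"
    $serverKey = "$classKey\InprocServer32"
    $compatKey = "$SoftwareRoot\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

    # Default value of InprocServer32 is the path of the DLL that implements the control.
    $server = $null
    if (Test-Path -LiteralPath $serverKey) {
        $server = (Get-Item -LiteralPath $serverKey).GetValue('')
    }

    # A missing key or value means no compatibility flags, so the control may load.
    $flags = 0
    if (Test-Path -LiteralPath $compatKey) {
        $value = (Get-Item -LiteralPath $compatKey).GetValue('Compatibility Flags')
        if ($null -ne $value) { $flags = [int]$value }
    }

    [pscustomobject]@{
        RegistryView = $SoftwareRoot
        Registered   = Test-Path -LiteralPath $classKey
        ServerPath   = $server
        KillBitSet   = ($flags -band $KillBit) -ne 0
    }
}

# Check both the native and the 32-bit (Wow6432Node) registry views.
$results = foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node') {
    if (Test-Path -LiteralPath $root) { Get-ActiveXStatus -Clsid $Clsid -SoftwareRoot $root }
}
$results | Format-Table -AutoSize

$exposed = $results | Where-Object { $_.Registered -and -not $_.KillBitSet }
if ($exposed) {
    Write-Warning 'XMLCacheMgr control is registered and not kill-bitted; check this host against the HP update.'
}
```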
Patch Availability:
Hewlett-Packard has issued an update to correct this vulnerability. More details can be found at:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02949847
CVE Information:
CVE-2011-4786
Disclosure Timeline:
2011-04-01 - Vulnerability reported to vendor
2012-01-12 - Coordinated public release of advisory