HP Easy Printer Care Software HPTicketMgr.dll ActiveX Control Remote Code Execution

Added: 08/29/2011
CVE: CVE-2011-2404
BID: 49100
OSVDB: 74510

Background

HP Easy Printer Care Software is a tool to control and monitor up to 20 HP printers.

Problem

HP Easy Printer Care Software HPTicketMgr.dll is vulnerable to directory traversal due to insufficient input validation by the HPTicketMgr.dll ActiveX control. A remote attacker could exploit this vulnerability by enticing a target user to view a maliciously crafted web page, thereby allowing the attacker to overwrite arbitrary files on the target computer with arbitrary content, which could lead to code execution.

Resolution

HP has discontinued this product and therefore has no patch or upgrade that fixes this problem. An alternate software package should be used.

References

http://www.zerodayinitiative.com/advisories/ZDI-11-261/
http://packetstormsecurity.org/files/103861

Limitations

Exploit works on HP Easy Printer Care 2.5.5.165 and the target user must open the exploit file in Internet Explorer.

To open the shell connection, the target machine must reboot after the exploit script runs.

Platforms

Windows

Back to exploit index