HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution

Added: 01/26/2012
CVE: CVE-2011-4786
BID: 51396
OSVDB: 78306


HP Easy Printer Care Software is a tool to control and monitor up to 20 HP printers.


HP Easy Printer Care Software 2.5 and prior versions are vulnerable to remote code execution. The CacheDocumentXMLWithId method from the XMLCacheMgr class in the HP Easy Printer HPTicketMgr.dll ActiveX Control ( is vulnerable to directory traversal and arbitrary write. A remote attacker could leverage this vulnerability to execute code in the context of the Internet Explorer web browser.


HP has discontinued this product and therefore has no patch or upgrade that fixes this problem. HP recommends uninstalling this software as soon as possible. If the Easy Printer Care software is not uninstalled, HP recommends setting the kill bit for the vulnerable ActiveX control Class identifier (CLSID) {466576F3-19B6-4FF1-BD48-3E0E1BFB96E9} as explained in Microsoft's knowledge base article KB240797.




This exploit has been tested on HP Easy Printer Care on Microsoft Windows XP SP3 English (DEP OptIn).

The user must open the exploit file in Internet Explorer 7 or 8.



Back to exploit index