Signature Detail
Short Name |
HTTP:STC:ACTIVEX:HP-EASY-XML |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
HP Easy Printer Care ActiveX Control Directory Traversal |
Release Date |
2012/01/24 |
Update Number |
2069 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: HP Easy Printer Care ActiveX Control Directory Traversal
This signature detects attempts to exploit a known flaw in HP Easy Printer Care. A remote attacker could exploit this vulnerability by enticing a target user to visit a malicious web page. A successful attack would result in execution of arbitrary attacker code in the security context of the current user running the browser.
Extended Description
HP Easy Printer Care Software running on Windows is prone to a remote code-execution vulnerability. An attacker could exploit this issue to write arbitrary data to a local file and execute that data in the context of the application using the affected control (typically Internet Explorer). HP Easy Printer Care Software 2.5 and prior versions are vulnerable.
Affected Products
- HP Easy Printer Care Software 2.5
References
- BugTraq: 51396
- CVE: CVE-2011-4786