Description
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
Affected products
- HP / color_laserjet_4650
- HP / officejet_4100
- HP / officejet_5100
- HP / officejet_5500
- HP / officejet_6100
- HP / officejet_7100
- HP / officejet_d
- HP / officejet_g
- HP / officejet_k
- HP / pml_driver_hpz12
- HP / psc_1100
- HP / psc_1200
- HP / psc_1210_all-in-one
- HP / psc_1300
- HP / psc_2100
- HP / psc_2200
- HP / psc_2400_photosmart_all-in-one
- HP / psc_2500_photosmart_all-in-one
- HP / psc_2510_photosmart
- HP / psc_700
- HP / psc_900
References
- MISC: http://securityreason.com/securityalert/2128
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/31361
- VENDOR_ADVISORY: http://secunia.com/advisories/23663
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2007/0094
- MISC: http://osvdb.org/32654
- MISC: http://secway.org/advisory/AD20070108.txt
- MISC: http://www.securityfocus.com/bid/21935
- MISC: http://www.securityfocus.com/archive/1/456259/100/0/threaded