CVE-2007-0161

Current Description

The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.

Basic Data

Published: January 10, 2007
Last Modified: October 16, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:M/Au:S/C:P/I:P/A:P
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 4.1
Severity: MEDIUM
Exploitability Score: 2.7
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: true
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
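    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Hp | Pml Driver Hpz12 | * | * | * | * | * | * | * | * | | | | |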
  • OR - Configuration 2
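    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Hardware | Hp | Color Laserjet 4650 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Officejet 4100 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Officejet 5100 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Officejet 5500 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Officejet 6100 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Officejet 7100 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Officejet D | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Officejet G | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Officejet K | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Psc 1100 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Psc 1200 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Psc 1210 All-in-one | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Psc 1300 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Psc 2100 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Psc 2200 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Psc 2400 Photosmart All-in-one | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Psc 2500 Photosmart All-in-one | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Psc 2510 Photosmart | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Psc 700 | * | * | * | * | * | * | * | * | | | | |
    | 2.3 | Hardware | Hp | Psc 900 | * | * | * | * | * | * | * | * | | | | |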

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Hp | Officejet 6100 | * |
| Hp | Psc 1210 All-in-one | * |
| Hp | Officejet 7100 | * |
| Hp | Officejet D | * |
| Hp | Officejet G | * |
| Hp | Officejet K | * |
| Hp | Psc 1100 | * |
| Hp | Psc 1200 | * |
| Hp | Psc 1300 | * |
| Hp | Psc 2100 | * |
| Hp | Psc 2200 | * |
| Hp | Psc 2400 Photosmart All-in-one | * |
| Hp | Psc 2500 Photosmart All-in-one | * |
| Hp | Psc 2510 Photosmart | * |
| Hp | Psc 700 | * |
| Hp | Psc 900 | * |
| Hp | Pml Driver Hpz12 | * |
| Hp | Color Laserjet 4650 | * |
| Hp | Officejet 4100 | * |
| Hp | Officejet 5100 | * |
| Hp | Officejet 5500 | * |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 32654 | OSVDB | http://osvdb.org/32654 | |
| 23663 | SECUNIA | http://secunia.com/advisories/23663 | Vendor Advisory |
| 2128 | SREASON | http://securityreason.com/securityalert/2128 | |
| http://secway.org/advisory/AD20070108.txt | MISC | http://secway.org/advisory/AD20070108.txt | Vendor Advisory |
| 20070108 HP Multiple Products PML Driver Local Privilege Escalation | BUGTRAQ | http://www.securityfocus.com/archive/1/456259/100/0/threaded | |
| 21935 | BID | http://www.securityfocus.com/bid/21935 | Exploit |
| ADV-2007-0094 | VUPEN | http://www.vupen.com/english/advisories/2007/0094 | |
| pml-driver-config-privilege-escalation(31361) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/31361 | |