Vulnerability Details CVE-2007-0161
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.8%
CVSS Severity
CVSS v2 Score 4.1
References
- http://osvdb.org/32654
- http://secunia.com/advisories/23663
- http://securityreason.com/securityalert/2128
- http://secway.org/advisory/AD20070108.txt
- http://www.securityfocus.com/archive/1/456259/100/0/threaded
- http://www.securityfocus.com/bid/21935
- http://www.vupen.com/english/advisories/2007/0094
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31361
- http://osvdb.org/32654
- http://secunia.com/advisories/23663
- http://securityreason.com/securityalert/2128
- http://secway.org/advisory/AD20070108.txt
- http://www.securityfocus.com/archive/1/456259/100/0/threaded
- http://www.securityfocus.com/bid/21935
- http://www.vupen.com/english/advisories/2007/0094
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31361
Products affected by CVE-2007-0161
-
cpe:2.3:a:hp:pml_driver_hpz12:-
-
cpe:2.3:h:hp:color_laserjet_4650:-
-
cpe:2.3:h:hp:officejet_4100:-
-
cpe:2.3:h:hp:officejet_5100:-
-
cpe:2.3:h:hp:officejet_5500:-
-
cpe:2.3:h:hp:officejet_6100:-
-
cpe:2.3:h:hp:officejet_7100:-
-
cpe:2.3:h:hp:officejet_d:-
-
cpe:2.3:h:hp:officejet_g:-
-
cpe:2.3:h:hp:officejet_k:-
-
cpe:2.3:h:hp:psc_1100:-
-
cpe:2.3:h:hp:psc_1200:-
-
cpe:2.3:h:hp:psc_1210_all-in-one:-
-
cpe:2.3:h:hp:psc_1210_all-in-one:1.0
-
cpe:2.3:h:hp:psc_1210_all-in-one:1.0.0.1
-
cpe:2.3:h:hp:psc_1300:-
-
cpe:2.3:h:hp:psc_2100:-
-
cpe:2.3:h:hp:psc_2200:-
-
cpe:2.3:h:hp:psc_2400_photosmart_all-in-one:-
-
cpe:2.3:h:hp:psc_2500_photosmart_all-in-one:-
-
cpe:2.3:h:hp:psc_2510_photosmart:-
-
cpe:2.3:h:hp:psc_700:-
-
cpe:2.3:h:hp:psc_900:-