This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit Remote Code Execution in HP Easy Printer.
HP Easy Printer Care Software is a printer management tool.
HP Easy Printer Care Software running on Windows is prone to a remote code-execution vulnerability because of the 'HPTicketMgr.dll' ActiveX control. Specifically, the issue affects the 'SaveXML()' method, which allows an attacker to upload and execute arbitrary files on the victim's computer in the context of the application running the affected control (typically Internet Explorer).
The affected ActiveX control is identified by CLSID:
HP Easy Printer Care Software 2.5 and prior versions are vulnerable.
- HP Easy Printer Care Software 2.5 and prior versions
Vendor updates are available. Please see the referenced advisory for more information.