1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: HP Easy Printer CVE-2011-2404

Web Attack: HP Easy Printer CVE-2011-2404

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit Remote Code Execution in HP Easy Printer.

Additional Information

HP Easy Printer Care Software is a printer management tool.

HP Easy Printer Care Software running on Windows is prone to a remote code-execution vulnerability because of the 'HPTicketMgr.dll' ActiveX control. Specifically, the issue affects the 'SaveXML()' method, which allows an attacker to upload and execute arbitrary files on the victim's computer in the context of the application running the affected control (typically Internet Explorer).

The affected ActiveX control is identified by CLSID:

466576F3-19B6-4FF1-BD48-3E0E1BFB96E9

HP Easy Printer Care Software 2.5 and prior versions are vulnerable.

Affected

  • HP Easy Printer Care Software 2.5 and prior versions

Response

Vendor updates are available. Please see the referenced advisory for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube