Vulnerability Description
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Pml Driver Hpz12 | All versions |
| Hp | Color Laserjet 4650 | All versions |
| Hp | Officejet 4100 | All versions |
| Hp | Officejet 5100 | All versions |
| Hp | Officejet 5500 | All versions |
| Hp | Officejet 6100 | All versions |
| Hp | Officejet 7100 | All versions |
| Hp | Officejet D | All versions |
| Hp | Officejet G | All versions |
| Hp | Officejet K | All versions |
| Hp | Psc 1100 | All versions |
| Hp | Psc 1200 | All versions |
| Hp | Psc 1210 All-In-One | All versions |
| Hp | Psc 1300 | All versions |
| Hp | Psc 2100 | All versions |
| Hp | Psc 2200 | All versions |
| Hp | Psc 2400 Photosmart All-In-One | All versions |
| Hp | Psc 2500 Photosmart All-In-One | All versions |
| Hp | Psc 2510 Photosmart | All versions |
| Hp | Psc 700 | All versions |
References
- http://osvdb.org/32654
- http://secunia.com/advisories/23663Vendor Advisory
- http://securityreason.com/securityalert/2128
- http://secway.org/advisory/AD20070108.txtVendor Advisory
- http://www.securityfocus.com/archive/1/456259/100/0/threaded
- http://www.securityfocus.com/bid/21935Exploit
- http://www.vupen.com/english/advisories/2007/0094
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31361
- http://osvdb.org/32654
- http://secunia.com/advisories/23663Vendor Advisory
- http://securityreason.com/securityalert/2128
- http://secway.org/advisory/AD20070108.txtVendor Advisory
- http://www.securityfocus.com/archive/1/456259/100/0/threaded
- http://www.securityfocus.com/bid/21935Exploit
- http://www.vupen.com/english/advisories/2007/0094
FAQ
What is CVE-2007-0161?
CVE-2007-0161 is a vulnerability with a CVSS score of 4.1 (MEDIUM). The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and...
How severe is CVE-2007-0161?
CVE-2007-0161 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0161?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Pml Driver Hpz12, Hp Color Laserjet 4650, Hp Officejet 4100, Hp Officejet 5100, Hp Officejet 5500.