Command Execution Vulnerability in HP Linux Imaging and Printing
CVE-2007-5208

Currently unrated

Key Information:

Vendor: HP
Status: Linux Imaging And Printing Project
Vendor: CVE Published:; 13 October 2007

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 73%

Summary

The Hewlett-Packard Linux Imaging and Printing Project (hplip) versions 1.x and 2.x prior to 2.7.10 are susceptible to a command execution vulnerability due to improper handling of shell metacharacters in the 'from' address when invoking the sendmail command. This flaw allows context-dependent attackers to execute arbitrary commands on the affected system, potentially compromising system integrity and security.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2007-5208
Created by Rapid7

References

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

http://www.vupen.com/english/advisories/2007/3479

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/27271

third-party-advisoryx_refsource_SECUNIA

EPSS Score

73% chance of being exploited in the next 30 days.

Timeline

🟡
Public PoC available
Feb 15, 2010
👾
Exploit known to exist
Feb 15, 2010
Vulnerability published
Oct 13, 2007
Vulnerability Reserved
Oct 4, 2007