Remote Code Execution Vulnerability in HP Easy Printer Care Software
CVE-2011-2404

Currently unrated

Key Information:

Vendor: HP
Status: Easy Printer Care Software
Vendor: CVE Published:; 11 August 2011

Summary

The HP Easy Printer Care Software contains a vulnerable ActiveX control (HPTicketMgr.dll) that allows attackers to remotely execute arbitrary programs on client machines. This vulnerability exists due to insufficient validation of the commands executed via the ActiveX control, which can be exploited to download and run malicious software without user interaction. Addressing this vulnerability is critical for maintaining the security of affected systems.

References

http://securityreason.com/securityalert/8332

third-party-advisoryx_refsource_SREASON

http://marc.info/?l=bugtraq&m=131291471508119&w=2

vendor-advisoryx_refsource_HP

http://securityreason.com/securityalert/8348

third-party-advisoryx_refsource_SREASON

EPSS Score

77% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 11, 2011
Vulnerability Reserved
Jun 6, 2011