A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787.
Published 2011-08-11 22:55:01
Updated 2012-01-14 03:54:40
Source HP Inc.
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2011-2404

81.92%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2011-2404

  • HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution
    Disclosure Date: 2011-08-16
    First seen: 2020-04-26
    exploit/windows/browser/hp_easy_printer_care_xmlsimpleaccessor
    This module allows remote attackers to place arbitrary files on a users file system by abusing via Directory Traversal attack the "saveXML" method from the "XMLSimpleAccessor" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2

CVSS scores for CVE-2011-2404

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.5
HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
NIST

CWE ids for CVE-2011-2404

  • The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-2404

Products affected by CVE-2011-2404

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!