CVE-2007-0161

The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.

Published: Jan 10, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-0161
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.1
AV:L/AC:M/Au:S/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
hp / pml_driver_hpz12	-	-
hp / officejet_4100	-	-
hp / psc_900	-	-
hp / psc_1300	-	-
hp / psc_2100	-	-
hp / officejet_7100	-	-
hp / officejet_5500	-	-
hp / officejet_6100	-	-
hp / officejet_k	-	-
hp / psc_1100	-	-
hp / psc_2400_photosmart_all-in-one	-	-
hp / psc_2200	-	-
hp / psc_2510_photosmart	-	-
hp / color_laserjet_4650	-	-
hp / officejet_5100	-	-
hp / psc_700	-	-
hp / officejet_d	-	-
hp / psc_2500_photosmart_all-in-one	-	-
hp / psc_1210_all-in-one	-	-
hp / psc_1200	-	-
hp / officejet_g	-	-

Vulnerability Database

290,273

CVE-2007-0161