This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
An ActiveX control on the remote Windows host could allow arbitrary
remote code execution.
The version of the HPTicketMgr.dll ActiveX control, part of HP Easy
Printer Care Software and installed on the remote Windows host, is
affected by several vulnerabilities :
- The 'SaveXML()' method in the XMLSimpleAccessor class
ActiveX control is prone to a directory traversal
attack and can be abused to write arbitrary files to the
system and then execute them through the browser.
- The 'CacheDocumentXMLWithId()' method in the XMLCacheMgr
class ActiveX control is prone to a directory traversal
attack and can be abused to write malicious content to
the filesystem. (CVE-2011-4786)
- The 'LoadXML()' method in the XMLSimpleAccessor class
ActiveX control is affected by a heap-based buffer
overflow vulnerability. (CVE-2011-4787)
If an attacker can trick a user on the affected host into visiting a
specially crafted web page, these issues could be leverage to execute
arbitrary code on the host subject to the user's privileges.
See also :
Either uninstall the software as it is no longer supported by HP or
set the kill bit for the affected control.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true