HP Easy Printer Care Software ActiveX Control Remote Code Execution Vulnerabilities
High Nessus Plugin ID 55832
An ActiveX control on the remote Windows host could allow arbitrary remote code execution.
The version of the HPTicketMgr.dll ActiveX control, part of HP Easy Printer Care Software and installed on the remote Windows host, is affected by several vulnerabilities : - The 'SaveXML()' method in the XMLSimpleAccessor class ActiveX control is prone to a directory traversal attack and can be abused to write arbitrary files to the system and then execute them through the browser. (CVE-2011-2404) - The 'CacheDocumentXMLWithId()' method in the XMLCacheMgr class ActiveX control is prone to a directory traversal attack and can be abused to write malicious content to the filesystem. (CVE-2011-4786) - The 'LoadXML()' method in the XMLSimpleAccessor class ActiveX control is affected by a heap-based buffer overflow vulnerability. (CVE-2011-4787) If an attacker can trick a user on the affected host into visiting a specially crafted web page, these issues could be leverage to execute arbitrary code on the host subject to the user's privileges.
Either uninstall the software as it is no longer supported by HP or set the kill bit for the affected control.