Vulnerability Details : CVE-2011-4786

Public exploit exists!
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.
Published 2012-01-12 19:55:01
Updated 2019-10-09 23:03:58
Source HP Inc.
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2011-4786

Probability of exploitation activity in the next 30 days: 93.81%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2011-4786

  • HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
    Disclosure Date: 2012-01-11
    First seen: 2020-04-26
    exploit/windows/browser/hp_easy_printer_care_xmlcachemgr
    This module allows remote attackers to place arbitrary files on a users file system by abusing the "CacheDocumentXMLWithId" method from the "XMLCacheMgr" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code e

CVSS scores for CVE-2011-4786

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
9.3
 HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
 NIST

CWE ids for CVE-2011-4786

  • The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-4786

Products affected by CVE-2011-4786

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close