Vulnerabilities > CVE-2007-0161 - Products PML Driver HPZ12 Local Privilege Escalation vulnerability in HP
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Hardware | Hp
| 20 |
Exploit-Db
| description | HP Multiple Products PML Driver HPZ12 Local Privilege Escalation Vulnerability. CVE-2007-0161. Local exploit for windows platform |
| id | EDB-ID:29403 |
| last seen | 2016-02-03 |
| modified | 2007-01-08 |
| published | 2007-01-08 |
| reporter | Sowhat |
| source | https://www.exploit-db.com/download/29403/ |
| title | HP Multiple Products PML Driver HPZ12 - Local Privilege Escalation Vulnerability |
References
- http://osvdb.org/32654
- http://secunia.com/advisories/23663
- http://securityreason.com/securityalert/2128
- http://secway.org/advisory/AD20070108.txt
- http://www.securityfocus.com/archive/1/456259/100/0/threaded
- http://www.securityfocus.com/bid/21935
- http://www.vupen.com/english/advisories/2007/0094
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31361