

A vulnerability, which was classified as problematic, was found in HP OfficeJet 6700 Driver (Hardware Driver Software) (the affected version is unknown). This affects an unknown code block of the component Installer. The manipulation with an unknown input leads to a privilege escalation vulnerability. This is going to have an impact on confidentiality and integrity.

The weakness was published by Stefan Kanthak as "Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe" in a mailing list post (Full-Disclosure). Several programs of the current Windows 7 driver software for the "HP OfficeJet 6700" multifunction device execute a rogue program C:\Program.exe. Exploitation requires authentication. Technical details are unknown but a public exploit is available.

A public exploit was developed by Stefan Kanthak and published immediately after the advisory. The vulnerability was handled as a non-public zero-day exploit for at least 36 days. During that time the estimated underground price was around $5k-$25k.

The real existence of this vulnerability is still doubted at the moment. The mailing list post contains the following remark: Vendor replies: "after looking at this problem and discussing it previously with Microsoft MSRC, we have decided that this unquoted registry string is not a security issue. We are not going to be issuing a patch or security bulletin for this issue." Further details are available at.

Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. A high score indicates an elevated risk to be targeted for this vulnerability.
