CVE-2007-0161

medium HPE
CVSS v3 Base Score
4.1
AV:L/AC:M/Au:S/C:P/I:P/A:P
EPSS Score
0.2%
Exploitation probability in 30 days
Top 63% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Published: January 10, 2007 (7064 days ago)
Last Modified: April 23, 2026
Vendor: HPE
Source: NVD

Description

The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.

CWE

NVD-CWE-Other

Affected Products

hp pml driver hpz12hp color laserjet 4650hp officejet 4100hp officejet 5100hp officejet 5500hp officejet 6100hp officejet 7100hp officejet dhp officejet ghp officejet k

References

🔗 osvdb.org 🔗 secunia.com 🔗 securityreason.com 🔗 secway.org 🔗 www.securityfocus.com