Unrated severityNVD Advisory· Published Jan 10, 2007· Updated Apr 23, 2026
CVE-2007-0161
CVE-2007-0161
Description
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
Affected products
21- cpe:2.3:a:hp:pml_driver_hpz12:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_4650:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_4100:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_5100:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_5500:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_6100:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_7100:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_d:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_g:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_k:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_1210_all-in-one:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_2400_photosmart_all-in-one:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_2500_photosmart_all-in-one:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_2510_photosmart:*:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.securityfocus.com/bid/21935nvdExploit
- secunia.com/advisories/23663nvdVendor Advisory
- secway.org/advisory/AD20070108.txtnvdVendor Advisory
- osvdb.org/32654nvd
- securityreason.com/securityalert/2128nvd
- www.securityfocus.com/archive/1/456259/100/0/threadednvd
- www.vupen.com/english/advisories/2007/0094nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/31361nvd
News mentions
0No linked articles in our index yet.