CVE-2007-0161
CVE-2007-0161 is a medium-severity vulnerability in Hp Pml Driver Hpz12 with a CVSS 2.0 base score of 4.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.1)
- EPSS exploit prediction: 1% (49th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Hp Pml Driver Hpz12
- Published:
- Last modified:
Description
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
Frequently asked questions
- What is CVE-2007-0161?
- The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
- How severe is CVE-2007-0161?
- CVE-2007-0161 has a CVSS 2.0 base score of 4.1, rated medium severity.
- Is CVE-2007-0161 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (49th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2007-0161?
- CVE-2007-0161 primarily affects Hp Pml Driver Hpz12. In total, 21 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2007-0161?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2007-0161 published?
- CVE-2007-0161 was published on 2007-01-10 and last updated on 2026-06-16.
References
- http://osvdb.org/32654
- http://secunia.com/advisories/23663
- http://securityreason.com/securityalert/2128
- http://secway.org/advisory/AD20070108.txt
- http://www.securityfocus.com/archive/1/456259/100/0/threaded
- http://www.securityfocus.com/bid/21935
- http://www.vupen.com/english/advisories/2007/0094
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31361
Affected products (21)
- cpe:2.3:a:hp:pml_driver_hpz12:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:color_laserjet_4650:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_4100:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_5100:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_5500:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_6100:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_7100:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_d:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_g:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:officejet_k:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_1100:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_1200:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_1210_all-in-one:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_1300:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_2100:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_2200:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_2400_photosmart_all-in-one:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_2500_photosmart_all-in-one:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_2510_photosmart:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_700:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:psc_900:*:*:*:*:*:*:*:*