CVE-2007-0161

HP all-in-one drivers - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0161. PoCs published by Sowhat.

AI-analyzed exploit summary This exploit leverages a local privilege escalation vulnerability in HP's PML Driver HPZ12 by modifying the service's binary path to execute arbitrary code with SYSTEM privileges. The attack involves reconfiguring the service to point to a malicious executable and then starting the service.

Description

The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Sowhat · textlocalwindows
https://www.exploit-db.com/exploits/29403

This exploit leverages a local privilege escalation vulnerability in HP's PML Driver HPZ12 by modifying the service's binary path to execute arbitrary code with SYSTEM privileges. The attack involves reconfiguring the service to point to a malicious executable and then starting the service.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: HP PML Driver HPZ12 (multiple HP products)
Auth required
Prerequisites: Local access to the target system · Ability to modify service configurations
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2128
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31361
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23663
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0094
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/32654
Vendor Advisory x_refsource_misc
http://secway.org/advisory/AD20070108.txt
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21935
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/456259/100/0/threaded

Scores

EPSS 0.0072
EPSS Percentile 48.8%

Details

Status published
Products (21)
hp/color_laserjet_4650
hp/officejet_4100
hp/officejet_5100
hp/officejet_5500
hp/officejet_6100
hp/officejet_7100
hp/officejet_d
hp/officejet_g
hp/officejet_k
hp/pml_driver_hpz12
... and 11 more
Published Jan 10, 2007
Tracked Since Feb 18, 2026