CVE-2011-2404

HP Easy Printer Care Software < 2.5 - Remote Code Execution via HPTicketMgr.dll ActiveX Control

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-2404. PoCs published by Metasploit, Andrea Micalizzi, juan vazquez, including Metasploit module exploits/windows/browser/hp_easy_printer_care_xmlsimpleaccessor.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in HP Easy Printer Care's ActiveX control to achieve remote code execution by uploading a VBS payload and a MOF file to trigger execution via Windows Management Instrumentation.

Description

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/17697

This Metasploit module exploits a directory traversal vulnerability in HP Easy Printer Care's ActiveX control to achieve remote code execution by uploading a VBS payload and a MOF file to trigger execution via Windows Management Instrumentation.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP Easy Printer Care HPTicketMgr.dll 2.7.2.0
No auth needed
Prerequisites: Target must be running Windows before Vista · Target must have HP Easy Printer Care installed · Target must visit a malicious webpage using Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by Andrea Micalizzi, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/hp_easy_printer_care_xmlsimpleaccessor.rb

This Metasploit module exploits a directory traversal vulnerability in HP Easy Printer Care's ActiveX control (HPTicketMgr.dll 2.7.2.0) via the 'saveXML' method to achieve remote code execution. It uploads a VBS payload and a MOF file to the target system, leveraging Windows Management Instrumentation (WMI) for execution on Windows systems before Vista.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP Easy Printer Care (HPTicketMgr.dll 2.7.2.0)
No auth needed
Prerequisites: Target must have HP Easy Printer Care installed · Target must be using Internet Explorer with ActiveX enabled · Target must be running Windows before Vista
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8332
Vendor Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=131291471508119&w=2
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8348

Scores

EPSS 0.7384
EPSS Percentile 99.4%

Details

CWE
CWE-94
Status published
Products (1)
hp/easy_printer_care_software < 2.5
Published Aug 11, 2011
Tracked Since Feb 18, 2026