CVE-2011-4786

HP Easy Printer Care Software < 2.5 - Remote Code Execution via HPTicketMgr.dll ActiveX Control

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-4786. PoCs published by Metasploit, Andrea Micalizzi, juan vazquez, including Metasploit module exploits/windows/browser/hp_easy_printer_care_xmlcachemgr.

AI-analyzed exploit summary This Metasploit module exploits a vulnerability in HP Easy Printer Care's XMLCacheMgr ActiveX control to achieve remote code execution by uploading a VBS payload and a MOF file, leveraging Windows Management Instrumentation (WMI) for execution on pre-Vista Windows systems.

Description

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/18381

View Code ZIP pw:eip

This Metasploit module exploits a vulnerability in HP Easy Printer Care's XMLCacheMgr ActiveX control to achieve remote code execution by uploading a VBS payload and a MOF file, leveraging Windows Management Instrumentation (WMI) for execution on pre-Vista Windows systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Easy Printer Care HPTicketMgr.dll 2.7.2.0

No auth needed

Prerequisites: Target must be running Windows pre-Vista · Target must have HP Easy Printer Care installed · Target must be using Internet Explorer with ActiveX enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1218.010 - Regsvr32 T1047 - Windows Management Instrumentation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GREAT

by Andrea Micalizzi, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/hp_easy_printer_care_xmlcachemgr.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2011-4786 by abusing the 'CacheDocumentXMLWithId' method in HP Easy Printer Care's ActiveX control to achieve remote code execution. It uploads a VBS payload and a MOF file to the target system, leveraging Windows Management Instrumentation (WMI) for execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Easy Printer Care (HPTicketMgr.dll 2.7.2.0)

No auth needed

Prerequisites: Target must be running Windows before Vista · Target must have HP Easy Printer Care installed · Target must visit a malicious webpage hosting the exploit

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory vendor-advisory x_refsource_hp

http://archives.neohapsis.com/archives/bugtraq/2012-01/0078.html

Scores

EPSS 0.4113

EPSS Percentile 98.5%

Details

CWE

CWE-94

Status published

Products (1)

hp/easy_printer_care_software < 2.5

Published Jan 12, 2012

Tracked Since Feb 18, 2026