Twenty Year Anniversary

HP LaserJet Fax Preview DLL Hijacking

HP LaserJet Fax Preview DLL Hijacking
Posted Jan 23, 2016
Authored by Yorick Koster, Securify B.V.

HP LaserJet Fax Preview suffers from a DLL side loading vulnerability.

tags | advisory
systems | windows
MD5 | c5a1fdb82f8d50927af639c978487c2d

HP LaserJet Fax Preview DLL Hijacking

Change Mirror Download
------------------------------------------------------------------------
HP LaserJet Fax Preview DLL side loading vulnerability
------------------------------------------------------------------------
Yorick Koster, September 2015

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A DLL side loading vulnerability was found in the HP LaserJet Fax
Preview Resource DLL. This issue can be exploited by loading the
FaxPreview Class as an embedded OLE object. When instantiating the
object Windows will try to load the DLL MFC80ENU.DLL from the current
working directory. If an attacker convinces the user to open a specially
crafted (Office) document from a directory also containing the
attacker's DLL file, it is possible to execute arbitrary code with the
privileges of the target user. This can potentially result in the
attacker taking complete control of the affected system.

------------------------------------------------------------------------
Affected versions
------------------------------------------------------------------------
This issue was successfully verified on the HP Color LaserJet CM2320 MFP
drivers version 3.1 (CM2320series-win7-full-solution-AM-EMEA1-v3.1.exe).

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
There is currently no fix available, HP reports: "Unfortunately, the
driver software for these devices can no longer be updated. The devices
have ended support life and the engineering resources are no longer
available to provide any firmware updates. We do understand the issue,
and current drivers are no longer vulnerable to the OLE side load
issue".

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20150903/hp_laserjet_fax_preview_dll_side_loading_vulnerability.html
https://www.securify.nl/exploit/SFY20150901/hp_laserjet_ole_sideload.html
https://www.securify.nl/blog/SFY20151201/there_s_a_party_in_ole__and_you_are_invited.html

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    20 Files
  • 17
    Oct 17th
    19 Files
  • 18
    Oct 18th
    21 Files
  • 19
    Oct 19th
    16 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close