Summary of Updates and Vulnerabilities in this Consensus

Platform Number of Updates and Vulnerabilities
— | —
Other Microsoft Products 1 (#1)
Windows 4 (#1)
Other Microsoft Products 2
Third Party Windows Apps 2
Linux 1
Cross Platform 8 (#2,#3,#4)
Web Application - Cross Site Scripting 1
Web Application 7
Hardware 1

Part I – Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) HIGH: Microsoft Products Multiple Security Vulnerabilities
(2) HIGH: Adobe Multiple Security Vulnerabilities
(3) HIGH: Apache Struts Multiple Security Vulnerabilities
(4) MEDIUM: Google Chrome Multiple Security Vulnerabilities

Part II – Comprehensive List of Newly Discovered Vulnerabilities from

Qualys (www.qualys.com)

Windows

12.2.1 - Microsoft Windows Kernel SafeSEH Security Bypass
12.2.2 - Microsoft Windows CSRSS Local Privilege Escalation
12.2.3 - Microsoft Windows ClickOnce Application Installer Remote Code Execution
12.2.4 - Microsoft Windows Object Packager Remote Code Execution

Other Microsoft Products

12.2.5 - Microsoft AntiXSS Library Sanitization Module Security Bypass
12.2.6 - Microsoft Windows Media Player Remote Code Execution

Third Party Windows Apps

12.2.7 - Siemens Tecnomatix FactoryLink ActiveX Arbitrary File Overwrite
12.2.8 - Hitachi Multiple IT Operations Products Unspecified Cross-Site Scripting

Linux

12.2.9 - Super Remote Buffer Overflow

Cross Platform

12.2.10 - Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
12.2.11 - OpenSSL Multiple Vulnerabilities
12.2.12 - Google Chrome Multiple Security Vulnerabilities
12.2.13 - FFmpeg Multiple Remote Vulnerabilities
12.2.14 - GnuTLS DTLS Information Disclosure
12.2.15 - ZNC “bouncedcc” Module Remote Denial of Service
12.2.16 - Adobe Acrobat and Reader Multiple Vulnerabilities
12.2.17 - PowerDNS Authoritative Server Remote Denial of Service

Web Application - Cross Site Scripting

12.2.18 - IBM Cognos TM1 Executive Viewer Multiple Cross-Site Scripting Vulnerabilities

Web Application

12.2.19 - IBM WebSphere Application Server Community Edition Tomcat Container Denial Of Service
12.2.20 - Yaws Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
12.2.21 - Moodle “/calendar/set.php” HTTP Response Splitting
12.2.22 - ImpressCMS Cross-Site Scripting and Local File Include Vulnerabilities
12.2.23 - PHPIDS ReDoS Filters Security Bypass
12.2.24 - eFront “download” Parameter Directory Traversal
12.2.25 - dl Download Ticket Service Authentication Bypass

Hardware

12.2.26 - HP LaserJet Printers Directory Traversal

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company’s continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint’s analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/risk/#process

(1) HIGH: Microsoft Products Multiple Security Vulnerabilities

Affected:
Microsoft Office
Microsoft Windows Media Player

Description: As part of its patch Tuesday program, Microsoft has
released patches addressing multiple security vulnerabilities in its
products. Patches for Microsoft Office address two problems with the
Windows Object Packager, which is responsible for checking for unsafe
objects embedded in Office files. The problem involves ClickOnce files,
which are self-updating executables that are designed to be installed
and run with minimal user interaction. Because these files are not
considered unsafe by Windows Object Packager, they can be embedded into
Office files. Another patch addresses an improper registry key used by
Windows Object Package manager. By enticing a target to open a malicious
file, an attacker can use either of these vulnerabilities to execute
arbitrary code on a target’s machine without any other interaction on
the part of the target. Two vulnerabilities affecting Windows Media
Player have also been addressed. By enticing a target to view a
malicious MIDI or DirectShow file, an attacker can exploit these
vulnerabilities in order to execute arbitrary code on the target’s
machine.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.microsoft.com
Microsoft Security Bulletins
http://technet.microsoft.com/en-us/security/bulletin/ms12-002
http://technet.microsoft.com/en-us/security/bulletin/ms12-005
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/51284
http://www.securityfocus.com/bid/51292
http://www.securityfocus.com/bid/51295
http://www.securityfocus.com/bid/51297

(2) HIGH: Adobe Multiple Security Vulnerabilities

Affected:
Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh

Description: Adobe has released patches for multiple unspecified
security vulnerabilities and a signedness error in a component of Adobe
Reader responsible for parsing BMP images. By enticing a target to view
a malicious file, an attacker can exploit these vulnerabilities in order
to corrupt memory and possibly execute arbitrary code on a target’s
machine.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.adobe.com
Adobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb12-01.html
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/51348
http://www.securityfocus.com/bid/51349
http://www.securityfocus.com/bid/51350
http://www.securityfocus.com/bid/51351

(3) HIGH: Apache Struts Multiple Security Vulnerabilities

Affected:

Description: Apache has released a patch addressing multiple security
vulnerabilities in its Struts web application server. Struts is used to
serve Java servlets, which are web applications written in Java. One
vulnerability involves a problem in Strut’s reporting during exception
handling, when user-supplied parameter values are evaluated as OGNL
expressions. OGNL, an expression language for Java, allows for only a
subset of Java to be used, but this is still enough for arbitrary code
execution. Another vulnerability involves unsafe evaluation of cookie
names, which can be used by an attacker to access static methods. By
sending a malicious request, an attacker can exploit these
vulnerabilities in order to execute arbitrary code on a target’s
machine.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.apache.org
Apache Security Bulletin
http://struts.apache.org/2.x/docs/s2-008.html

(4) MEDIUM: Google Chrome Multiple Security Vulnerabilities

Affected:
Google Chrome prior to 16.0.912.75

Description: Google has released a patch addressing multiple security
vulnerabilities affecting its Chrome web browser. The vulnerabilities
include a use-after-free issue in animation frames, a heap buffer
overflow in libxml, and a stack-buffer overflow in glyph handling.
Google has not provided technical information for these vulnerabilities,
but because they are related HIGH, it is likely that some of them can
be exploited to execute arbitrary code on a target’s machine. To do so,
an attacker would have to entice the target to view a malicious site.

Status: vendor confirmed, updates available

References:
Vendor Site
http://www.google.com
Google Stable Channel Updates
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html
SecurityFocus BugTraq IDs
http://www.securityfocus.com/bid/51300

Part II – Comprehensive List of Newly Discovered Vulnerabilities from

Qualys (www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that
company’s ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 13008 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.

12.2.1 CVE: CVE-2012-0001

Platform: Windows
Title: Microsoft Windows Kernel SafeSEH Security Bypass
Description: Microsoft Windows is exposed to a security bypass issue
that affects the “Ntdll.dll” component. Specifically, this issue
occurs due to the way the Windows kernel loads a structured exception
handling table into the “Load Configuration” PE header during binary
execution. x64-based editions of Windows XP and all supported editions
of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7
and Windows Server 2008 R2 are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS12-001

12.2.2 CVE: CVE-2012-0005

Platform: Windows
Title: Microsoft Windows CSRSS Local Privilege Escalation
Description: Microsoft Windows is exposed to a local
privilege escalation issue that exists in the Client/Server Run time
Subsystem. Specifically, this issue occurs when processing a
sequence of specially crafted Unicode characters. All supported
editions of Windows XP, Windows Server 2003, Windows Vista and Windows
Server 2008 are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS12-003

12.2.3 CVE: CVE-2012-0013

Platform: Windows
Title: Microsoft Windows ClickOnce Application Installer Remote Code
Execution
Description: Microsoft Windows is exposed to a remote code execution
issue. This issue occurs because the ClickOnce application file type
is not included in the Windows Packager unsafe file type list. This
will allow attackers to embed ClickOnce applications into Microsoft
Office documents. All supported releases of Microsoft Windows are
affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS12-005

12.2.4 CVE: CVE-2012-0009

Platform: Windows
Title: Microsoft Windows Object Packager Remote Code Execution
Description: Microsoft Windows is exposed to a remote code execution
issue. This issue occurs because the application fails to properly
register and implement the Windows Object Packager. All supported
editions of Windows XP and Windows Server 2003 are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS12-002

12.2.5 CVE: CVE-2012-0007

Platform: Other Microsoft Products
Title: Microsoft AntiXSS Library Sanitization Module Security Bypass
Description: Microsoft Anti-Cross Site Scripting Library (AntiXSS) is
an encoding library designed to protect ASP.NET web-based applications
from XSS attacks. The library is exposed to a security bypass issue
that affects the sanitization module. This occurs because the library
fails to properly sanitize specially crafted HTML. Microsoft
Anti-Cross Site Scripting Library version 3.x and 4.0 are vulnerable.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS12-007

12.2.6 CVE: CVE-2012-0003,CVE-2012-0004

Platform: Other Microsoft Products
Title: Microsoft Windows Media Player Remote Code Execution
Description: Microsoft Windows Media Player is a multimedia
application available for the Windows operating system. The
application is exposed to a remote code execution issue when handling
specially crafted media content. Specifically, the issue affects the
windows multimedia library (“winmm.dll”) when parsing a
specially crafted MIDI file. All supported editions of Windows XP,
Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008,
Windows Server 2008 R2, Windows XP Media Center Edition 2005 Service
Pack 3 and Windows Media Center TV Pack for Windows Vista are affected.
Ref: http://technet.microsoft.com/en-us/security/bulletin/MS12-004

12.2.7 CVE: CVE-2011-4056

Platform: Third Party Windows Apps
Title: Siemens Tecnomatix FactoryLink ActiveX Arbitrary File Overwrite
Description: Siemens Tecnomatix FactoryLink is Supervisory Control and
Data Acquisition software. The application is exposed to an
arbitrary file overwrite issue because it fails to properly sanitize
user-supplied input before saving files. Specifically, attackers can
save data to an arbitrary file, overwriting the current content.
Siemens Tecnomatix FactoryLink V8.0.2.54, V7.5.217 (V7.5 SP2) and
V6.6.1 (V6.6 SP1) are affected.
Ref: http://www.us-cert.gov/control_systems/pdf/ICSA-11-343-01.pdf
http://www.securityfocus.com/bid/51267/references

12.2.8 CVE: Not Available

Platform: Third Party Windows Apps
Title: Hitachi Multiple IT Operations Products Unspecified Cross-Site
Scripting
Description: Hitachi IT Operations Director offers an all-in-one
solution focused on key IT lifecycle management functions. Hitachi IT
Operations Analyzer is software that monitors IT Infrastructure
availability and performance. The two Products are exposed to an
unspecified cross-site scripting issue because they fail to properly
sanitize user-supplied input. Hitachi IT Operations Director 02-50-01
to 02-50-07, 03-00 to 03-00-04, Hitachi IT Operations Analyzer 02-01,
02-51 to 02-51-01 and 02-53 to 02-53-02 are affected.
Ref:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-001/index.html

12.2.9 CVE: CVE-2011-2776

Platform: Linux
Title: Super Remote Buffer Overflow
Description: Super is a Linux package used to allow users to execute
scripts and commands as if they were root. The application is exposed
to a remote buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied data before copying it to an
insufficiently sized buffer. Specifically, the issue affects the
syslog logging code. Super 3.30.0-2 is vulnerable and other versions
may also be affected.
Ref: http://www.securityfocus.com/bid/51319/references
http://packages.debian.org/source/lenny/super

12.2.10 CVE: Not Available

Platform: Cross Platform
Title: Apache Struts Remote Command Execution and Arbitrary File
Overwrite Vulnerabilities
Description: Apache Struts is a framework for building Web
applications. The framework is exposed to multiple issues. A remote
command execution issue affects the “CookieInterceptor” class because
the application fails to restrict access to certain static methods
when handling cookie names. An arbitrary file overwrite issue
exists because the “ParameterInterceptor” fails to properly sanitize
user-supplied input before creating files. Versions prior to Apache
Struts 2.3.1.1 are vulnerable and other versions may also be affected.
Ref: http://struts.apache.org/2.x/docs/s2-008.html

12.2.11 CVE:

CVE-2012-0027,CVE-2011-4619,CVE-2011-4577,CVE-2011-4576,CVE-2011-4109,CVE-2011-4108
Platform: Cross Platform
Title: OpenSSL Multiple Vulnerabilities
Description: OpenSSL is an open-source implementation of the SSL
protocol, which is used by a number of other projects. OpenSSL is
exposed to multiple issues. An information disclosure issue affects the
CBC mode encryption of Datagram Transport Layer Security (DTLS). A
memory corruption issue occurs due to a double-free condition in policy
checks while using X509_V_FLAG_POLICY_CHECK. An information disclosure
issue exists. Specifically, in each record, up to 15 bytes of
uninitialized memory is encrypted and sent to the SSL peer. The issue
exists because the library does not properly clear the bytes used as
block cipher padding in SSL 3.0 records. A denial of service issue
occurs due to an assertion failure when handling specially crafted RFC
3779 data in certificates. 5) A denial of service issue affects the
support for handshake restarts for server gated cryptography (SGC). A
denial of service issue affects the GOST ENGINE when processing
specially crafted GOST parameters. Successful exploitation of these
issues will cause the server to crash due to lack of error checking.
OpenSSL versions 1.0.0x before 1.0.0f or 0.9.8x before 0.9.8s are
affected.
Ref: http://www.openssl.org/news/secadv_20120104.txt
http://www.securityfocus.com/bid/51281/references

12.2.12 CVE: CVE-2011-3922,CVE-2011-3921,CVE-2011-3919

Platform: Cross Platform
Title: Google Chrome Multiple Security Vulnerabilities
Description: Google Chrome is a web browser for multiple platforms.
The application is exposed to multiple security issues. A remote
memory corruption issue occurs due to a use-after-free error in
the animation frame. A buffer overflow issue occurs because it fails to
perform adequate boundary checks when handling “glyph” data.
A heap-based buffer overflow issue occurs because it fails to perform
adequate boundary checks on user-supplied data in the “libxml”
library. Versions prior to Chrome 16.0.912.75 are vulnerable.
Ref: http://www.securityfocus.com/bid/51300/references
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3919
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3922
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3921
http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html

12.2.13 CVE: Not Available

Platform: Cross Platform
Title: FFmpeg Multiple Remote Vulnerabilities
Description: FFmpeg is a multimedia player. The application is exposed
to multiple remote issues includinr multiple denial of service issues and
multiple NULL pointer dereference errors that can be exploited to
crash the application. FFmpeg versions prior to 0.9.1 are vulnerable.
Ref: http://www.securityfocus.com/bid/51307/references
http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=n0.9.1

12.2.14 CVE: CVE-2012-0390

Platform: Cross Platform
Title: GnuTLS DTLS Information Disclosure
Description: GNU Transport Layer Security Library is a
library that implements the TLS 1.0 and SSL 3.0 protocols. The library
is exposed to an information disclosure issue that affects the CBC
mode encryption of Datagram Transport Layer Security.
Specifically, the issue exists due to timing differences in the
decryption process. Versions prior to 3.0.11 are vulnerable.
Ref: http://www.gnu.org/software/gnutls/security.html
http://www.securityfocus.com/bid/51322/references

12.2.15 CVE: Not Available

Platform: Cross Platform
Title: ZNC “bouncedcc” Module Remote Denial of Service
Description: ZNC is a bouncer application for Internet Relay Chat.
The application is exposed to a remote denial of service issue
in the “bouncedcc” module. This issue affects the
“CBounceDCCMod:OnPrivCTCP()” function of the “modules/bouncedcc.cpp”
file. The issue affects ZNC 0.202 and other versions may also be
affected.
Ref:
https://github.com/znc/znc/commit/11508aa72efab4fad0dbd8292b9614d9371b20a9#modules/bouncedcc.cpp

12.2.16 CVE: CVE-2011-2462, CVE-2011-4369, CVE-2011-4370,

CVE-2011-4371, CVE-2011-4372, CVE-2011-4373
Platform: Cross Platform
Title: Adobe Acrobat and Reader Multiple Vulnerabilities
Description: Adobe Reader and Acrobat are applications for handling
PDF files. The applications are exposed to multiple security issues.
See reference for detailed information. Adobe Reader X (10.1.1) and
earlier 10.x versions for Windows and Macintosh, Adobe Reader 9.4.7
and earlier 9.x versions for Windows, Adobe Reader 9.4.6 and earlier
9.x versions for Macintosh, Adobe Acrobat X (10.1.1) and earlier 10.x
versions for Windows and Macintosh, Adobe Acrobat 9.4.7 and earlier
9.x versions for Windows, Adobe Acrobat 9.4.6 and earlier 9.x versions
for Macintosh are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb12-01.html

12.2.17 CVE: CVE-2012-0206

Platform: Cross Platform
Title: PowerDNS Authoritative Server Remote Denial of Service
Description: PowerDNS is a DNS nameserver available for various
platforms. The application is exposed to a remote denial of service
issue. This issue is due to design flaw in the way the authoritative
server responds to response packets. PowerDNS Authoritative Server
versions prior to 3.0.1 (with the exception of 2.9.22.5) are affected.
Ref: http://wiki.powerdns.com/trac/changeset/2331
http://mailman.powerdns.com/pipermail/pdns-users/2012-January/008457.html
http://www.securityfocus.com/bid/51355/references

12.2.18 CVE: Not Available

Platform: Web Application - Cross Site Scripting
Title: IBM Cognos TM1 Executive Viewer Multiple Cross-Site Scripting
Vulnerabilities
Description: IBM Cognos TM1 Executive Viewer provides users with
Web-based access to information from online analytical processing
databases for analysis and reporting. The application is exposed to
multiple cross-site scripting issues because the application fails to
sufficiently sanitize user-supplied input to the “aspnet_client/“ and
“evserver/createcontrol.js” script. IBM Cognos TM1 Executive Viewer
9.4 is vulnerable and other versions may also be affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM26682
http://xforce.iss.net/xforce/xfdb/72198

12.2.19 CVE: Not Available

Platform: Web Application
Title: IBM WebSphere Application Server Community Edition Tomcat
Container Denial Of Service
Description: IBM WebSphere Application Server Community Edition
is a web server. The application is exposed to a denial of service
issue. Specifically, this issue occurs because of an unspecified error
within the Tomcat container. Attackers can exploit this issue by
sending specially crafted requests with many parameters to the
vulnerable server. WebSphere Application Server Community Edition
v3.0.0.0, v2.1.x.x prior to 2.1.1.6 and v1.1.x.x are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21577274
http://www-01.ibm.com/support/docview.wss?uid=swg21575700
http://www.securityfocus.com/bid/51345/references

12.2.20 CVE: CVE-2011-5025

Platform: Web Application
Title: Yaws Multiple Cross-Site Scripting and HTML Injection
Vulnerabilities
Description: Yaws is an application web server. The application is
exposed to multiple issues. Multiple cross-site scripting issues
affect the following scripts and parameters: “editTag.yaws” : “tag”,
“showOldPage.yaws” : “index” and “allRefsToMe.yaws” : “node”. An
HTML-injection issue affects an unknown parameter of the
“editPage.yaws” script. Yaws 1.88 is vulnerable and other versions may
be affected.
Ref: http://www.securityfocus.com/bid/51276/references
https://sitewat.ch/Advisory/View/4
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5025

12.2.21 CVE: CVE-2011-4203

Platform: Web Application
Title: Moodle “/calendar/set.php” HTTP Response Splitting
Description: Moodle is a content manager for online courseware, it is
implemented in PHP. The application is exposed to an
HTTP response splitting issue because it fails to sufficiently
sanitize input submitted to the “$url” variable of the
“/calendar/set.php” script in the Calendar component before using it
in HTTP headers. Moodle 1.9.x versions prior to 1.9.15, 2.0.x versions
prior to 2.0.6, 2.1.x versions prior to 2.1.3 and 2.2 are affected.
Ref: http://www.securityfocus.com/bid/51264/references
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4203

12.2.22 CVE: Not Available

Platform: Web Application
Title: ImpressCMS Cross-Site Scripting and Local File Include
Vulnerabilities
Description: ImpressCMS is a PHP-based e-commerce application. The
application is exposed to multiple input validation issues includeing
multiple cross-site scripting issues and a local file include issue that
affects the “icmsConfigPlugins[sanitizer_plugins]” parameter of the
“edituser.php” script. ImpressCMS 1.3 Final is vulnerable and other
versions may also be affected.
Ref: http://www.securityfocus.com/archive/1/521112
http://community.impresscms.org/modules/smartsection/item.php?itemid=579

12.2.23 CVE: CVE-2011-5021

Platform: Web Application
Title: PHPIDS ReDoS Filters Security Bypass
Description: PHPIDS is a PHP-based web application. The application
is exposed to a security bypass issue. Specifically, the issue occurs
due to improper implementation of Regular Expression Denial of Service
filters. PHPIDS versions before 0.7 are affected.
Ref: http://www.securityfocus.com/bid/51277/references
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5021
https://sitewat.ch/Advisory/View/7

12.2.24 CVE: Not Available

Platform: Web Application
Title: eFront “download” Parameter Directory Traversal
Description: eFront is a PHP-based e-learning application. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input submitted to the
“download” parameter of the “student.php” script. eFront 3.6.10 is
vulnerable and other versions may also be affected.
Ref: http://www.efrontlearning.net/download
http://www.securityfocus.com/bid/51302/references

12.2.25 CVE: Not Available

Platform: Web Application
Title: dl Download Ticket Service Authentication Bypass
Description: dl Download Ticket Service is a PHP-based ticket
management system. The application is exposed to an authentication
bypass issue because an attacker can log in as an arbitrary user by
forging an authorization header. dl Download Ticket Service 0.3 to 0.9
is vulnerable and other versions may also be affected.
Ref: http://www.thregr.org/~wavexx/software/dl/NEWS.html
http://www.securityfocus.com/bid/51347/references

12.2.26 CVE: CVE-2011-4785

Platform: Hardware
Title: HP LaserJet Printers Directory Traversal
Description: HP LaserJet printers are network attached printers. The
devices are exposed to a directory traversal issue because they fail
to sufficiently sanitize user-supplied input. HP LaserJet P3015 with
firmware prior to 07.080.3 are affected.
Ref:
http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03140700&ac.admitted=1326170524652.876444892.492883150