Sign In

Communications of the ACM

ACM TechNews

Critical Wormable Security Flaw Found in Several HP Printer Models

View as: Print Mobile App Share:
Icon for HP printers.

A hypothetical attack scenario could involve embedding an exploit for the font-parsing flaws in a malicious PDF document and then social-engineering the target into printing the file.

Credit: Hewlett Packard

F-Secure Labs researchers Timo Hirvonen and Alexander Bolshev reported two eight-year-old vulnerabilities affecting 150 multifunction printers (MFPs) from PC maker HP that could be exploited to commandeer target devices, steal information, and penetrate enterprise networks to establish an attack beachhead.

The researchers' April 29 disclosure of the Printing Shellz flaws spurred HP to issue patches in November.

Hirvonen and Bolshev warned attackers can exploit flaws in MFPs' communications board and font parser "to gain code execution rights, with the former requiring physical access while the latter can be accomplished remotely."

A flaw in the buffer overflow is wormable, meaning it could be used to spread itself to other MFPs on the infiltrated network.

"While exploiting these issues is somewhat difficult, the public disclosure of these vulnerabilities will help threat actors know what to look for to attack vulnerable organizations," the researchers said.

From The Hacker News
View Full Article


Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account