HP Easy Printer Care XMLCacheMgr Class ActiveX Control Code Execution Exploit

This module allows remote attackers to place arbitrary files on a users file system by abusing the "CacheDocumentXMLWithId" method from the "XMLCacheMgr" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by first uploading the payload to the remote machine embeddeding a vbs file, and then upload another mof file, which enables Windows Management Instrumentation service to execute the vbs.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2011-4786
Product Version: 
12.3
Released Date: 
Friday, June 1, 2012 - 00:00