Windows 10: HP Ink Printers Remote Code Execution Vulnerability

Brink · Aug 6, 2018

SUPPORT COMMUNICATION- SECURITY BULLETIN

Document ID: c06097712
Version: 2

HPSBHF03589 rev. 2 - HP Ink Printers Remote Code Execution

Notice:: The information in this security bulletin should be acted upon as soon as possible.

Release date : 01-Aug-2018
Last updated : 03-Aug-2018

Potential Security Impact:

Reported by: TBA

Source: HP, HP Product Security Response Team (PSRT)

VULNERABILITY SUMMARY
Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution.

Reference Number
CVE-2018-5924, CVE-2018-5925, PSR-2018-0072

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
See RESOLUTION section.

BACKGROUND
For a PGP signed version of this security bulletin please write to: L: hp-security-alert@hp.com

CVSS 3.0 Base Metrics

Reference Base Vector Base Score CVE-2018-5924 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 9.8 (Critical) CVE-2018-5925 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 9.8 (Critical)
RESOLUTION
HP has provided firmware updates for impacted printers as set forth in the table below. To obtain the updated firmware, go to the HP Software and Drivers page for your product and find the firmware update from the list of available software.

For guidance on how to update your product firmware, go to the Upgrading Printer Firmware page and follow the instructions provided.

Pagewide Pro

Product Name Product Number Firmware Revision HP PageWide 352dw J6U57B 001.1829A HP PageWide Managed MFP P57750dw J9V82A
J9V82B
J9V82C
J9V82D 001.1829A HP PageWide Managed MFP P77740dn Y3Z57 005.1828A HP PageWide Managed MFP P77740dw W1B33 005.1828A HP PageWide Managed MFP P77740z W1B39 005.1828A HP PageWide Managed MFP P77750z W1B37 005.1828A HP PageWide Managed MFP P77760z W1B38 005.1828A HP PageWide Managed P55250dw J6U55A
J6U55B
J6U55C
J6U55D 001.1829A HP PageWide Managed P75050dn Y3Z45 005.1828A HP PageWide Managed P75050dw Y3Z47 005.1828A HP PageWide MFP 377dw J9V80A
J9V80B 001.1829A HP PageWide Pro 452dn D3Q15A
D3Q15B
D3Q15D 001.1829A HP PageWide Pro 552dw D3Q17A
D3Q17C
D3Q17D 001.1829A HP PageWide Pro 750dn Y3Z46 005.1828A HP PageWide Pro 750dw Y3Z44 005.1828A HP PageWide Pro MFP 477dn D3Q19A
D3Q19D 001.1829A HP PageWide Pro MFP 477dw D3Q20A
D3Q20B
D3Q20C
D3Q20D 001.1829A HP PageWide Pro MFP 577dw D3Q21A
D3Q21C
D3Q21D 001.1829A HP PageWide Pro MFP 577z K9Z76A
K9Z76D 001.1829A HP PageWide Pro MFP 772dn W1B31 005.1828A HP PageWide Pro MFP 772dw Y3Z54 005.1828A HP PageWide Pro 452dw D3Q16A
D3Q16B
D3Q16C
D3Q16D 001.1829A
HP DesignJet

Product Name Product Number Firmware Revision HP DesignJet rugged case N9M07A 1829A HP Designjet T120 24-in ePrinter CQ891A 1829B HP Designjet T120 24-in Printer CQ891B 1829B HP Designjet T120 24-in Printer (2018 edition) CQ891C 1829B HP Designjet T120 24-in Rmkt ePrinter CQ891AR 1829B HP Designjet T520 24-in ePrinter CQ890A 1829B HP Designjet T520 24-in Printer CQ890B 1829B HP Designjet T520 24-in Printer (2018 edition) CQ890C 1829B HP Designjet T520 24-in Printer (2018 edition) CQ890D 1829B HP Designjet T520 24-in Printer (2018 edition, legless) CQ890E 1829B HP Designjet T520 24-in Rmkt ePrinter CQ890AR 1829B HP Designjet T520 36-in ePrinter CQ893A 1829B HP Designjet T520 36-in Printer CQ893B 1829B HP Designjet T520 36-in Printer (2018 edition) CQ893C 1829B HP Designjet T520 36-in Printer (2018 edition, legless) CQ893E 1829B HP Designjet T520 36-in Rmkt ePrinter CQ893AR 1829B HP DesignJet T730 36in Printer F9A29A 1829A HP DesignJet T730 36in Printer F9A29B 1829A HP Designjet T730 with Rugged Case T5D66A 1829A HP DesignJet T830 24in eMFP Printer F9A28A 1829A HP DesignJet T830 24-in MFP Printer F9A28B 1829A HP DesignJet T830 MFP with Armor Case 1JL02B 1829A HP DesignJet T830 MFP with Armour Case 1JL02A 1829A HP DesignJet T830 MFP with Rugged Case T5D67A 1829A
HP Officejet, HP Deskjet and HP Envy

Product Name Product Number FirmwareRevision HP AMP 1xx Printer series T8X39 - T8X44
1SH08
3AW44A - 3AW51A 1828A HP Deskjet 2540 All-in-One A9U19A - A9U28B
D3A78B - D3A82A 1828B HP DeskJet 2600 All-in-One Printer 4UJ28B
V1N01A - V1N08A
Y5H60A - Y5H80A 1828A HP DeskJet 2600 All-in-One Printer CZ992A
L9D57A
N4L17A 1828A HP Deskjet 2620 Ink Advantage series D4H22A - D4H24B 1826A HP Deskjet 3540 series A9T81A
A9T81C
A9T83B 1828A HP DeskJet 3630 series F5S43A - F5S57A
K4T93A - K4T99B
K4U00B - K4U04B 1829A HP DeskJet 3700 All-in-One Printer series J9V86A 1828A HP DeskJet 3700 All-in-One Printer series J9V86A - J9V96A
T8W51A - T8W73A 1828A HP Deskjet 4510 series A9J41 - A9J43 1828B HP DeskJet 4530 series F0V64 - F0V66
J6U63
W3U23 - W3U24 1827B HP DeskJet 4720 series F5S65A - F5S66A
L8L91A 1829A HP DeskJet 5000 series M2U86 - M2U90 1828A HP DeskJet 5275 All-in-One Printer M2U76 - M2U80 1828A HP DeskJet 5640 series B9S57C 1821B HP DeskJet 5730 series F5S60A - F5S61A
T0A23A - T0A25A 1824A HP DeskJet GT 5820 All-in-One Printer series M2Q28A
P0R21A
X3B09A
2ND31A 1829A HP Deskjet Ink Advantage 2540 All-in-One A9U23 - A9U28 1828B HP DeskJet Ink Advantage 2600 All-in-One Printer V1N02A - V1N02C 1828A HP DeskJet Ink Advantage 2600 All-in-One Printer Y5Z00A - Y5Z07B 1828A HP DeskJet Ink Advantage 3630 All-in-One Printer F5S43 - F5S57
K9U05B 1829A HP DeskJet Ink Advantage 3700 All-in-One Printer series 1DT61A - 1DT62A
3YZ74A - 3YZ75A
4SC29A - 4SC30A
J9V87A - J9V89B
T8W35A - T8W50C 1828A HP Deskjet Ink Advantage 3830 e-All-in-One Printer F5R96A - F5R98B
K7V42C - K7V43C 1825A HP Deskjet Ink Advantage 4615 All-in-One Printer CZ283A - CZ283C 1829A HP Deskjet Ink Advantage 4625 e-All-in-One CZ284A - CZ284C 1829A HP Deskjet Ink Advantage 4640 e-All-in-One Printer series B4L08A - B4L10A 1825A HP DeskJet Ink Advantage 4670 All-in-One Printer F1H97 - F1H199 1826A HP Deskjet Ink Advantage 5525 e-All-in-One CZ282A - CZ282C 1828B HP DeskJet Ink Advantage 5570 All-in-One printer G0V48B
G0V48C 1821A HP Deskjet Ink Advantage 6525 e-All-in-One CZ276A - CZ76C 1828B HP Envy 120 Series CQ176 - CQ190 1827A HP ENVY 4500 series A9T80A
A9T80B
A9T89A
D3P93A 1828A HP ENVY 4510 All-in-One Printer K9H48 - K9H57 1827B HP ENVY 4520 series F0V63
F0V67 - F0V74
K9T01 - K9T10
J6U59 - J6U62
J6U69 - J6U70
K9H57
W3U25 - W3U27 1827B HP ENVY 5000 series M2U85
M2U91-M2U94
Z4A54 - Z4A78 1828A HP ENVY 5530 series A9J40A - A9J48B
D4J85B - D4J86B 1828B HP ENVY 5540 All-in-One Printer G0V47
G0450 - G0V56
K7C84 - K7C93
K7G86 - K7G90 1821A HP ENVY 5640 series B9S56A
B9S58A - B9S65A
F8B05A
F8B13A 1824A HP ENVY 5660 series F8B04A
F8B06A - F8B08A
F8B12A 1824A HP ENVY 7640 series E4W43-E4W48 1825C HP ENVY Photo 6200 All-in-One Printer series K7G18A-K7G29A 1829D HP ENVY Photo 7100 All-in-One Printer series K7G93A-K7G99 1829D HP ENVY Photo 7100 All-in-One Printer series K7S00A 1829D HP Ink Tank 310 Z6Z11A 1737J
1805J HP Ink Tank Wireless 410 Z4B53A - Z4B55A
Z6Z95A
Z6Z97A 1737J
1805J HP Officejet Pro X451dn Printer CN459A 1829B HP Officejet Pro X451dw Printer CN463A 1829B HP Officejet Pro X476dn MFP CN460A 1829B HP Officejet Pro X476dw MFP CN461A 1829B HP Officejet Pro X551dw Printer CV037A 1829B HP Officejet Pro X576dn MFP CN462A 1829B HP Officejet Pro X576dw MFP C598A 1829B HP OfficeJet 200 Mobile series CZ993A
L9B95A 1827A HP OfficeJet 202 Mobile series N4L14C
N4K99C 1827A HP OfficeJet 252 Mobile All-in-One N4L18C 1828A HP Officejet 2620 series D4H21A - D4H21B
D4H25A - D4H29B 1826A HP Officejet 3830 e-All-in-One Printer F5R95
F5S00 - F5S04
K7V35 - K7V49 1825A HP Officejet 4610 e-All-in-One Printer CR771A 1829A HP Officejet 4620 e-All-in-One Printer CZ152A - CZ152C 1829A HP Officejet 4622 e-All-in-One Printer CZ294A - CZ296B 1829A HP Officejet 4630 e-All-in-One Printer series B4L03 - B4L07A
D4J74 - D4J78 1825A HP OfficeJet 4650 All-in-One Printer F1H96
F1J00 - F1J07
F9D36 - F9D38
K9V76 - K9V85
V6D27- V6D32 1826A HP OfficeJet 5200 AlI-in-One Printer M2U75
M2U81-M2U84
Z4B12 - Z4B36 1828A HP Officejet 5740 series B9S76-B9S85
F8B09-F8B11
T1P36-T1P38 1825A HP Officejet 6220 / HP Officejet Pro 6230 ePrinter E3E03A
C9S13A 1827A HP OfficeJet 6600 e-All-in-One CN581A 1827D HP OfficeJet 6700 Premium e-All-in-One CN583A 1827D HP Officejet 6810/6820 e-All-in-One Printer F0M65A
G1W52A 1828A HP OfficeJet 6950 All-in-One P4C78A - P4C87A
T3P03A
T3P04A 1828A HP OfficeJet 6960 All-in-One
HP OfficeJet Pro 6960 All-in-One J7K33A - J7K39A
T0F28A - T0F38A
T0G25A - T0G26A 1828A HP Officejet 7110 Wide Format ePrinter CR768A 1827A HP Officejet 7510 Wide Format All-in-One Printer G3J47A 1829A HP Officejet 7610 series Wide Format e-All-in-One Printer CR769A 1828B HP Officejet 7612 Wide Format e-All-in-One G1X85A 1829A HP Officejet Pro 251dw Printer CV136A 1828A HP Officejet Pro 276dw Multifunction Printer CR7770A 1829A HP Officejet Pro 3610 Black and White Printer CZ292A 1828A HP Officejet Pro 3620 Black and White Printer CZ293A 1828A HP Officejet Pro 6830 e-All-in-One Printer E3E02A
J2D37A 1828A HP OfficeJet Pro 6970 All-in-One Printer J7K34A - J7K42A
T0F29A - T0F40A 1828A HP OfficeJet Pro 7720 Wide Format All-in-One Y0S18A 1830A HP OfficeJet Pro 7730 Wide Format All-in-One Y0S19A 1830A HP OfficeJet Pro 7740 Wide Format All-in-One G5J38A
T1P99
T1Q00 - T1Q02 1828A HP OfficeJet Pro 8210 Printer
HP OfficeJet Pro 8216 D9L63A
D9L64A
T0G70A
J3P68A 1827B HP OfficeJet Pro 8600A e-All-in-One CM749A 1829A HP OfficeJet Pro 8600A Plus e-All-in-One CM750A 1829A HP OfficeJet Pro 8600A Premium e-All-in-One CN577A 1829A HP Officejet Pro 8610 e-All-in-One Printer A7F64A
D7Z36A
E1D34A
J5T77A
T0K98A 1828A HP Officejet Pro 8620 e-All-in-One Printer A7F65A
D7Z37A 1828A HP Officejet Pro 8630 e-All-in-One Printer A7F66A 1828A HP Officejet Pro 8640 e-All-in-One Printer E2D42A 1828B HP Officejet Pro 8660 e-All-in-One Printer E1D36A 1828A HP OfficeJet Pro 8710 All-in-One Printer D9L18A
J6X76A - J6X78A
J6X80A - J6X81A
K7S37A - K7S38A
M9L65A - M9L66A
M9L70A
M9L81A
T0G45A - T0G49A 1828A HP OfficeJet Pro 8720 All-in-One Printer D9L19A
J7A28A
J7A31A
K7S34A - K7S36A
M9L73A - M9L75A
M9L80A
T0G50A - T0G51A
T0G54A
T6T77A 1828A HP OfficeJet Pro 8730 D9L20A 1827B HP OfficeJet Pro 8732M All-in-One Printer T0G56A - T0G59A 1827A HP OfficeJet Pro 8740 K7S42A 1827B HP Photosmart 5510 series CQ176-CQ190 TBD HP Photosmart 5510d series CQ761-CQ769 1829B HP Photosmart 5520 series e-All-in-One
HP Photosmart 5521 e-All-in-One
HP Photosmart 5522 e-All-in-One
HP Photosmart 5524 e-All-in-One
HP Photosmart 5525 e-All-in-One CX042 - CX049 1828B HP Photosmart 6510 series CQ761-CQ769 1829B HP Photosmart 6520 e-All-in-One CX017A - CX021C 1828B HP Photosmart 7520 series CZ025A
CZ045A - CZ046A 1826A HP Photosmart Plus All-in-One B210 series B210 1829A HP Smart Tank Wireless 450 Z4B07A
Z4B56A 1737J
1805J
...
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.

Report: To report a potential security vulnerability with any HP supported product, send email to: L: hp-security-alert@hp.com.

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-si...d=hpsc_profile.

Security Bulletin Archive: To view released Security Bulletins, search the HP Support Site for "security bulletin".

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

PI HP Printing and Imaging HF HP Hardware and Firmware GN HP General Software
Click to expand...

Read more: HPSBHF03589 rev. 2 - HP Ink Printers Remote Code Execution | HP Customer Support

:)

keakar · Aug 6, 2018

Printer advice

hp printers have the most expensive ink of all printers, the most economical is cannon and epson so i suggest if you looking to keep costs down look at those brands.

that being said it may not have the best print quality if it uses less costly ink.

if keeping cost down is the most important then shop in reverse, find a brand that has cheap replacement ink cartridges then see what printers they are used on. then from that list look to see if you like any of those printers and if they are affordable to you, if not then select another ink cartridge and look at the printers that those are used on. this method will give you the most affordable printer and the cheapest cost of replacement ink.

personally i use the refillable ink cartridges like these: http://www.inkproducts.com/ink-store/catalog/Our-Epson-Refill-Kits-orderby0-p-1-c-4.html

Mooly · Aug 6, 2018

HP printers start rejecting budget ink cartridges.

In the news today.

HP printers start rejecting budget ink cartridges - BBC News

Code: Large numbers of HP printer owners found their printers stopped recognising unofficial printer ink cartridges on 13 September. Dutch printer ink vendor 123inkt said it had received more than 1,000 complaints in one day. HP said that during its last firmware update, settings had been changed so HP printers would communicate with only HP-chipped cartridges.[/quote]

Brink · Aug 6, 2018

HoloLens Security Update July 11- Remote Code Execution Vulnerability

CVE-2017-8584 | HoloLens Remote Code Execution Vulnerability

A remote code execution vulnerability exists when HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to send a specially crafted WiFi packet.

The update addresses the vulnerability by correcting how Hololens handles objects in memory.

Exploitability Assessment

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Publicly Disclosed Exploited Latest Software Release Older Software Release Denial of Service Yes No 2 - Exploitation Less Likely 2 - Exploitation Less Likely Not Applicable
Affected Products

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

Product Platform Article Download Impact Severity Supersedence Windows 10 Version 1607 for 32-bit Systems 4025339 Security Update Remote Code Execution Critical 4022715 Windows 10 Version 1607 for x64-based Systems 4025339 Security Update Remote Code Execution Critical 4022715 Windows Server 2016 4025339 Security Update Remote Code Execution Critical 4022715 Windows Server 2016 (Server Core installation) 4025339 Security Update Remote Code Execution Critical 4022715
Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

Acknowledgments

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure.
See acknowledgments for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

Version Date Description 1.0 07/11/2017 Information published.
Click to expand...

Source: CVE-2017-8584 | HoloLens Remote Code Execution Vulnerability - Microsoft Security TechCenter

Windows 10: HP Ink Printers Remote Code Execution Vulnerability

HP Ink Printers Remote Code Execution Vulnerability

HP Ink Printers Remote Code Execution Vulnerability

HP Ink Printers Remote Code Execution Vulnerability

HP Ink Printers Remote Code Execution Vulnerability - Similar Threads - Ink Printers Remote

3D Builder remote code execution vulnerability

3D Builder remote code execution vulnerability

3D Builder remote code execution vulnerability

Windows Print Spooler Remote Code Execution Vulnerability CVE-2021-34527

Workaround for the Windows Print Spooler Remote Code Execution Vulnerability

Type 1 Font Parsing Remote Code Execution Vulnerability for Windows

CVE-2018-8421 - .NET Framework Remote Code Execution Vulnerability

CVE-2018-8245 Microsoft Publisher Remote Code Execution Vulnerability

HoloLens Security Update July 11- Remote Code Execution Vulnerability

Users found this page by searching for:

remote code execution cve