Lucene search
SAINT CorporationSAINT:681D3111ECEE521EB7833061CBE5A2ADHistoryJul 23, 2012 - 12:00 a.m.
HP Data Protector Express Opcode 0x320 Overflow
2012-07-2300:00:00
SAINT Corporation
www.saintcorporation.com
18
0.115 Low
EPSS
Percentile
95.3%
Added: 07/23/2012
CVE: CVE-2012-0121
BID: 52431
OSVDB: 80102
Background
HP Data Protector Express is a backup and recovery solution for single machines and small networks.
Problem
A stack overflow vulnerability exists in dpwindtb.dll. Validation of parameters to Opcode 0x320 requests are not sufficiently validated. A remote unauthenticated attacker may exploit this vulnerability to gain execution access on the target system.
Resolution
Apply the patch referenced in HP Security Bulletin HPSBMU02746 SSRT100781.
References
<http://www.zerodayinitiative.com/advisories/ZDI-12-097/>
Limitations
This exploit has been tested against HP Data Protector Express 6.0.00.11974 on Windows XP SP3 English (DEP OptIn).
Platforms
Windows
Related
saint
saint
HP Data Protector Express Opcode 0x320 Overflow
2012-07-23 00:00:00
HP Data Protector Express Opcode 0x320 Overflow
2012-07-23 00:00:00
HP Data Protector Express Opcode 0x320 Overflow
2012-07-23 00:00:00
checkpoint_advisories
checkpoint_advisories
prion
prion
Code injection
2012-03-14 03:28:00
cvelist
cvelist
CVE-2012-0121
2022-10-03 16:15:40
cve
cve
CVE-2012-0121
2022-10-03 16:15:40
securityvulns
securityvulns
nvd
nvd
CVE-2012-0121
2012-03-14 03:28:49
zdi
zdi
attackerkb
attackerkb
HP Data Protector Express 6.0.00.11974 dpwintdb.exe Buffer Overflow
2012-03-14 00:00:00
nessus
nessus