Added: 04/05/2013
CVE: CVE-2012-5201
BID: 58385
OSVDB: 91026
HP Intelligent Management Center (IMC), also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities.
HP IMC 5.1 E0202 and earlier is vulnerable to remote code execution as a result of the **mibFileUpload**
servlet allowing an unauthenticated remote attacker to create arbitrary files on the vulnerable server. A successful attacker could execute arbitrary code on the server in the context of the SYSTEM user.
Apply updates as directed in HP Security Bulletin HPSBGN02854 SSRT100881.
<http://www.zerodayinitiative.com/advisories/ZDI-13-050/>
This exploit was tested against HP Intelligent Management Center v5.1 E0202 on Windows Server 2003 SP2 English and Windows Server 2008 SP2 with DEP OptOut.
The Perl module **Archive::Zip**
is required to run the exploit.
Windows