Lucene search
AbdulAziz Hariri of Insight TechnologiesZDI-10-174HistorySep 13, 2010 - 12:00 a.m.
Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability
2010-09-1300:00:00
AbdulAziz Hariri of Insight Technologies
www.zerodayinitiative.com
10
0.922 High
EPSS
Percentile
99.0%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the function DtbClsLogin defined in the module dpwindtb.dll on Windows and libdplindtb.so on Linux. This function takes user supplied input and copies it directly to a stack buffer. By providing a large enough string this buffer can be overrun and may result in arbitrary code execution dependent on the underlying operating system.
Related
packetstorm
packetstorm
HP Data Protector DtbClsLogin Buffer Overflow
2012-12-12 00:00:00
cvelist
cvelist
CVE-2010-3007
2022-10-03 16:20:55
CVE-2010-3008
2022-10-03 16:20:54
saint
saint
HP Data Protector Express DtbClsLogin function buffer overflow
2010-10-07 00:00:00
HP Data Protector Express DtbClsLogin function buffer overflow
2010-10-07 00:00:00
HP Data Protector Express DtbClsLogin function buffer overflow
2010-10-07 00:00:00
prion
prion
Code injection
2010-09-09 22:00:00
Code injection
2010-09-13 21:00:00
securityvulns
securityvulns
ZDI-10-174: Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability
2010-09-17 00:00:00
HP Data Protector Express privilege escalation
2010-09-17 00:00:00
checkpoint_advisories
checkpoint_advisories
HP Data Protector Express DtbClsLogin Stack Buffer Overflow (CVE-2010-3007)
2010-10-05 00:00:00
nvd
nvd
CVE-2010-3007
2010-09-09 22:00:02
CVE-2010-3008
2010-09-13 21:00:28
cve
cve
CVE-2010-3007
2022-10-03 16:20:55
CVE-2010-3008
2022-10-03 16:20:54
nessus
nessus