what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from HP DVLabs

Oracle AutoVue ActiveX SetMarkupMode Remote Code Execution

Posted Jun 30, 2012

Authored by HP DVLabs, Brian Gorenc | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle AutoVue. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AutoVueX.ocx ActiveX object. There exists a method SetMarkupMode() that takes an unbounded string as an argument and copies it to a fixed-length buffer on the stack. This can lead to memory corruption which can be leveraged to execute code under the context of the process.

tags | advisory, remote, arbitrary, activex

SHA-256 | d0b8d50ce085b0435944a0735fd5ffce0d7e03f8b5c5b4f151b32a911007ff7a

Download | Favorite | View

Hewlett-Packard Data Protector DtbClsAddObject Parsing Remote Code Execution

Posted Jun 29, 2012

Authored by Aaron Portnoy, HP DVLabs | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dpwintdb.exe process which listens by default on TCP port 3817. When parsing data within a DtbClsAddObject request, the process copies data from the network into a fixed-length buffer on the stack via an unchecked loop. This can be leveraged by attackers to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp

advisories | CVE-2012-0123

SHA-256 | 556adc16dad6ca3f4873f33810b698ebf5dfd71151e2fd435143e01f45c5066c

Download | Favorite | View