CVE-2012-0124

Related Files

HP Data Protector Create New Folder Buffer Overflow

Posted Jul 2, 2012

Authored by sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP Data Protector 5. The overflow occurs in the creation of new folders, where the name of the folder is handled in a insecure way by the dpwindtb.dll component. While the overflow occurs in the stack, the folder name is split in fragments in this insecure copy. Because of this, this module uses egg hunting to search a non corrupted copy of the payload in the heap. On the other hand the overflowed buffer is stored in a frame protected by stack cookies, because of this SEH handler overwrite is used. Any user of HP Data Protector Express is able to create new folders and trigger the vulnerability. Moreover, in the default installation the 'Admin' user has an empty password. Successful exploitation will lead to code execution with the privileges of the "dpwinsdr.exe" (HP Data Protector Express Domain Server Service) process, which runs as SYSTEM by default.

tags | exploit, overflow, code execution

advisories | CVE-2012-0124, OSVDB-80105

SHA-256 | 962411e193e7b384adfe805773b642d125d223dcbeecdc498ef53de2cbc5c202

Download | Favorite | View

HP Security Bulletin HPSBMU02746 SSRT100781

Posted Mar 14, 2012

Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02746 SSRT100781 - Potential security vulnerabilities have been identified with HP Data Protector Express (DPX) 5.0 and 6.0. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability

advisories | CVE-2012-0121, CVE-2012-0122, CVE-2012-0123, CVE-2012-0124

SHA-256 | 83a0d55e3394aa78f27458d386be674804605818ba2a00eb0f3834f45aea89b9

Download | Favorite | View