CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.081 Low
EPSS Percentile: 94.1%
Added: 07/23/2012
CVE: CVE-2012-0121
BID: 52431
OSVDB: 80102
HP Data Protector Express is a backup and recovery solution for single machines and small networks.
A stack overflow vulnerability exists in dpwindtb.dll. Parameters to Opcode 0x320 requests are not sufficiently validated. A remote unauthenticated attacker may exploit this vulnerability to execute code on the target system.
Apply the patch referenced in HP Security Bulletin HPSBMU02746 SSRT100781.
<http://www.zerodayinitiative.com/advisories/ZDI-12-097/>
This exploit has been tested against HP Data Protector Express 6.0.00.11974 on Windows XP SP3 English (DEP OptIn).
Windows