HP Data Protector Express Opcode 0x320 Overflow

2012-07-23T00:00:00
ID SAINT:9B54DF5BF499A95FFB796D83F4231C05
Type saint
Reporter SAINT Corporation
Modified 2012-07-23T00:00:00

Description

Added: 07/23/2012
CVE: CVE-2012-0121
BID: 52431
OSVDB: 80102

Background

HP Data Protector Express is a backup and recovery solution for single machines and small networks.

Problem

A stack overflow vulnerability exists in dpwindtb.dll. Parameters to Opcode 0x320 requests are not sufficiently validated. A remote unauthenticated attacker may exploit this vulnerability to gain execution access on the target system.

Resolution

Apply the patch referenced in HP Security Bulletin HPSBMU02746 SSRT100781.

References

<http://www.zerodayinitiative.com/advisories/ZDI-12-097/>

Limitations

This exploit has been tested against HP Data Protector Express 6.0.00.11974 on Windows XP SP3 English (DEP OptIn).

Platforms

Windows