7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.843 High
EPSS
Percentile
98.2%
Added: 10/07/2010
CVE: CVE-2010-3007
BID: 43105
OSVDB: 67973
HP Data Protector Express is a backup and recovery solution for single machines and small networks.
A buffer overflow vulnerability in dpwindtb.dll in the DtbClsLogin function allows remote attackers to execute arbitrary commands.
Apply the patch referenced in HP Security Bulletin HPSBMA02576 SSRT090231.
<http://www.zerodayinitiative.com/advisories/ZDI-10-174/>
Exploit works on HP Data Protector Express 3.5 Build 37634.
Windows