Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:A295B7037894474A20A85F2581F648CC
HistoryOct 07, 2010 - 12:00 a.m.

HP Data Protector Express DtbClsLogin function buffer overflow

2010-10-0700:00:00
SAINT Corporation
download.saintcorporation.com
17

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.843 High

EPSS

Percentile

98.2%

JSON

Added: 10/07/2010
CVE: CVE-2010-3007
BID: 43105
OSVDB: 67973

Background

HP Data Protector Express is a backup and recovery solution for single machines and small networks.

Problem

A buffer overflow vulnerability in dpwindtb.dll in the DtbClsLogin function allows remote attackers to execute arbitrary commands.

Resolution

Apply the patch referenced in HP Security Bulletin HPSBMA02576 SSRT090231.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-174/&gt;

Limitations

Exploit works on HP Data Protector Express 3.5 Build 37634.

Platforms

Windows

Related

saint 3
prion 2
zdi 1
checkpoint_advisories 1
securityvulns 3
cve 2
packetstorm 1
nessus 1
saint
saint
HP Data Protector Express DtbClsLogin function buffer overflow
2010-10-07 00:00:00
HP Data Protector Express DtbClsLogin function buffer overflow
2010-10-07 00:00:00
HP Data Protector Express DtbClsLogin function buffer overflow
2010-10-07 00:00:00
prion
prion
Code injection
2010-09-09 22:00:00
Code injection
2010-09-13 21:00:00
zdi
zdi
Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability
2010-09-13 00:00:00
checkpoint_advisories
checkpoint_advisories
HP Data Protector Express DtbClsLogin Stack Buffer Overflow (CVE-2010-3007)
2010-10-05 00:00:00
securityvulns
securityvulns
ZDI-10-174: Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability
2010-09-17 00:00:00
[security bulletin] HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition &#40;SSE&#41;, Local Denial of Service &#40;DoS&#41;, Execution of Arbitrary Code
2010-09-11 00:00:00
HP Data Protector Express privilege escalation
2010-09-17 00:00:00
cve
cve
CVE-2010-3007
2010-09-09 22:00:00
CVE-2010-3008
2010-09-13 21:00:00
packetstorm
packetstorm
HP Data Protector DtbClsLogin Buffer Overflow
2012-12-12 00:00:00
nessus
nessus
HP Data Protector Express < 4.x build 56906 / 3.x build 56936 Multiple Vulnerabilities
2010-09-22 00:00:00

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.843 High

EPSS

Percentile

98.2%

JSON
Related for SAINT:A295B7037894474A20A85F2581F648CC
saint3prion2zdi1checkpoint_advisories1securityvulns3cve2packetstorm1nessus1