HP Data Protector CRS Opcode 211 Stack Buffer Overflow

2013-07-24T00:00:00
ID SAINT:FF52C42A34128E828889745FEB3A76AA
Type saint
Reporter SAINT Corporation
Modified 2013-07-24T00:00:00

Description

Added: 07/24/2013
CVE: CVE-2013-2333
BID: 60309
OSVDB: 93867

Background

HP Data Protector is an automated data backup solution.

Problem

A buffer overflow vulnerability in crs.exe when handling requests with opcode 211 allows remote attackers to execute arbitrary commands.

Resolution

Apply a patch referenced in HPSBMU02883 SSRT101227.

References

<http://secunia.com/advisories/53679/>

Limitations

This exploit was tested against HP Data Protector 6.2 on Windows Server 2003 SP2 English (DEP OptOut).

Platforms

Windows