Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAbdulAziz Hariri of Insight TechnologiesZDI-10-174
HistorySep 13, 2010 - 12:00 a.m.

Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability

2010-09-1300:00:00
AbdulAziz Hariri of Insight Technologies
www.zerodayinitiative.com
9

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.911 High

EPSS

Percentile

98.8%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the function DtbClsLogin defined in the module dpwindtb.dll on Windows and libdplindtb.so on Linux. This function takes user supplied input and copies it directly to a stack buffer. By providing a large enough string this buffer can be overrun and may result in arbitrary code execution dependent on the underlying operating system.

Related

saint 4
prion 2
packetstorm 1
cvelist 2
checkpoint_advisories 1
securityvulns 3
cve 2
nessus 1
saint
saint
HP Data Protector Express DtbClsLogin function buffer overflow
2010-10-07 00:00:00
HP Data Protector Express DtbClsLogin function buffer overflow
2010-10-07 00:00:00
HP Data Protector Express DtbClsLogin function buffer overflow
2010-10-07 00:00:00
prion
prion
Code injection
2010-09-09 22:00:00
Code injection
2010-09-13 21:00:00
packetstorm
packetstorm
HP Data Protector DtbClsLogin Buffer Overflow
2012-12-12 00:00:00
cvelist
cvelist
CVE-2010-3007
2022-10-03 16:20:55
CVE-2010-3008
2022-10-03 16:20:54
checkpoint_advisories
checkpoint_advisories
HP Data Protector Express DtbClsLogin Stack Buffer Overflow (CVE-2010-3007)
2010-10-05 00:00:00
securityvulns
securityvulns
ZDI-10-174: Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability
2010-09-17 00:00:00
[security bulletin] HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code
2010-09-11 00:00:00
HP Data Protector Express privilege escalation
2010-09-17 00:00:00
cve
cve
CVE-2010-3007
2010-09-09 22:00:00
CVE-2010-3008
2010-09-13 21:00:00
nessus
nessus
HP Data Protector Express < 4.x build 56906 / 3.x build 56936 Multiple Vulnerabilities
2010-09-22 00:00:00

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.911 High

EPSS

Percentile

98.8%

JSON
Related for ZDI-10-174
saint4prion2packetstorm1cvelist2checkpoint_advisories1securityvulns3cve2nessus1