ZDI-12-089 | zdi | AbdulAziz Hariri
Jun 06, 2012 - 12:00 a.m.

HP DataDirect OpenAccess GIOP Parsing Remote Code Execution Vulnerability

2012-06-06 00:00:00
AbdulAziz Hariri
www.zerodayinitiative.com

EPSS: 0.92 (Percentile: 99.0%)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable applications using DataDirect’s SequeLink. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application processes GIOP packets. When processing a specific GIOP packet, the application trusts a size field in the packet and uses that size in a copy operation into a statically sized buffer, which can cause a buffer overflow. This can lead to code execution under the context of the service.
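The defensive pattern for this class of flaw, as an added example that is not code from the advisory or from the vendor: a packet-supplied length is checked against both the bytes actually received and the fixed destination size before any copy. The advisory does not identify the affected field, so the body layout (a 32-bit length followed by data), `FIELD_MAX`, the function names and the sample packets are assumptions constructed for illustration; only the standard 12-byte GIOP header layout is real.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GIOP_HDR_LEN 12   /* "GIOP", major, minor, flags, msg type, uint32 message_size */
#define FIELD_MAX    64   /* hypothetical statically sized destination buffer */

/* Read a 32-bit value honoring the GIOP byte-order flag (bit 0 set = little-endian). */
static uint32_t rd32(const uint8_t *p, int little)
{
    return little
        ? (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24
        : (uint32_t)p[3] | (uint32_t)p[2] << 8 | (uint32_t)p[1] << 16 | (uint32_t)p[0] << 24;
}

/* Hypothetical body layout (assumption): uint32 length, then that many bytes.
 * pkt/pkt_len hold exactly one received message.
 * Returns the number of bytes copied into out, or -1 if the packet is rejected. */
int parse_field(const uint8_t *pkt, size_t pkt_len, uint8_t out[FIELD_MAX])
{
    if (pkt_len < GIOP_HDR_LEN + 4 || memcmp(pkt, "GIOP", 4) != 0)
        return -1;
    int little = pkt[6] & 1;
    uint32_t msg_size = rd32(pkt + 8, little);

    /* The header's message_size must match what was actually received. */
    if (msg_size != pkt_len - GIOP_HDR_LEN)
        return -1;

    uint32_t field_len = rd32(pkt + GIOP_HDR_LEN, little);

    /* Unsafe pattern described in the advisory: copying field_len bytes with no checks. */
    /* Check 1: the field must fit in the bytes remaining after its length prefix. */
    if (field_len > msg_size - 4)
        return -1;
    /* Check 2: the field must fit in the fixed-size destination. */
    if (field_len > FIELD_MAX)
        return -1;

    memcpy(out, pkt + GIOP_HDR_LEN + 4, field_len);
    return (int)field_len;
}

/* Constructed samples: GIOP header followed by the hypothetical body. */
static const uint8_t ok_pkt[]  = {'G','I','O','P',1,0,0,0, 0,0,0,7, 0,0,0,3, 'a','b','c'};
static const uint8_t le_pkt[]  = {'G','I','O','P',1,2,1,0, 7,0,0,0, 3,0,0,0, 'a','b','c'};
static const uint8_t bad_pkt[] = {'G','I','O','P',1,0,0,0, 0,0,0,7, 0,0,4,0, 'a','b','c'};
```

Both checks are needed: the first stops reads past the received data, the second stops writes past the destination, which is the overflow the advisory describes.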
