1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: HP Data Protector CVE-2012-0122

Attack: HP Data Protector CVE-2012-0122

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerability in HP Data Protector which could result in remote code execution.

Additional Information

HP Data Protector Express is a backup and recovery solution.

The application is prone to the following security vulnerabilities:

1. A remote code-execution vulnerability affects the 'dpwinsdr.exe' process. This issue exists because the process fails to validate user supplied input before copying it into a stack buffer. A remote unauthenticated attacker can exploit this issue by sending a specially crafted 0x320 'opcode' message packet to the application. CVE-2012-0121

2. A remote code-execution vulnerability affects the 'dpwinsdr.exe' process. This issue exists because the process fails to validate user supplied input before copying it into a stack buffer. A remote unauthenticated attacker can exploit this issue by sending a specially crafted 0x330 'opcode' message packet to the application. CVE-2012-0122

3. Multiple unspecified remote code-execution vulnerabilities affect the application. CVE-2012-0123, CVE-2012-0124

Successfully exploiting these issues allow an attacker to execute arbitrary code with SYSTEM privileges.

Affected

  • HP Data Protector Express versions prior to 5.0.00 build 59287 and prior to 6.0.00 build 11974 are vulnerable.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube