HP Data Protector Express DtbClsLogin function buffer overflow
Added: 10/07/2010CVE: CVE-2010-3007
BID: 43105
OSVDB: 67973
Background
HP Data Protector Express is a backup and recovery solution for single machines and small networks.Problem
A buffer overflow vulnerability in dpwindtb.dll in the DtbClsLogin function allows remote attackers to execute arbitrary commands.Resolution
Apply the patch referenced in HP Security Bulletin HPSBMA02576 SSRT090231.References
http://www.zerodayinitiative.com/advisories/ZDI-10-174/Limitations
Exploit works on HP Data Protector Express 3.5 Build 37634.Platforms
WindowsBack to exploit index