HP Data Protector Express DtbClsLogin function buffer overflow

Added: 10/07/2010
CVE: CVE-2010-3007
BID: 43105
OSVDB: 67973

Background

HP Data Protector Express is a backup and recovery solution for single machines and small networks.

Problem

A buffer overflow vulnerability in dpwindtb.dll in the DtbClsLogin function allows remote attackers to execute arbitrary commands.

Resolution

Apply the patch referenced in HP Security Bulletin HPSBMA02576 SSRT090231.

References

http://www.zerodayinitiative.com/advisories/ZDI-10-174/

Limitations

Exploit works on HP Data Protector Express 3.5 Build 37634.

Platforms

Windows

Back to exploit index