HP Power Manager formLogin buffer overflow
Added: 12/28/2010
CVE: CVE-2010-4113
OSVDB: 69969
Background
HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console.
Problem
A buffer overflow vulnerability in the Administration interface allows remote attackers to execute arbitrary commands by sending a request for the formLogin program with a specially crafted Login parameter.
Resolution
Upgrade to HP Power Manager 4.3.2.
References
http://www.securityfocus.com/archive/1/515283
Limitations
Exploit works on HP Power Manager 4.2.10 on Windows Server 2003 SP2 with KB956802 and KB956572.
Platforms
Windows