header-logo
Suggest Exploit
vendor:
Data Protector Media Operations
by:
d0lc3
7,8
CVSS
HIGH
NULL Pointer Dereference
476
CWE
Product Name: Data Protector Media Operations
Affected Version From: 6.11
Affected Version To: 6.11
Patch Exists: NO
Related CWE: N/A
CPE: a:hewlett_packard:data_protector_media_operations:6.11
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2010

HP Data Protector Media Operations 6.11 Multiple NULL Pointer Dereference Local DoS (0day)

DBServer.exe and DBTools.exe are prone to local denial of service causing a NULL pointer Dereference. Correct manipulation of .4DC file format should to allow attackers exploit this issue to crash application, denying service to legitimate users. Due to the nature of this issue, attackers may be able to execute local arbitrary code, but this has not been confirmed.

Mitigation:

Ensure that all user input is validated and sanitized before being used in the application.
Source

Exploit-DB raw data:

#Exploit Title: HP Data Protector Media Operations 6.11 Multiple NULL Pointer Dereference Local DoS (0day)
   
#Date:          11/09/2010   

#Author:        d0lc3   d0lc3x[at]gmail[dom]com 

#Author Link:   http://elotrolad0.blogspot.com/  

#Software Link:    (trial) https://h10078.www1.hp.com/cda/hpdc/navigation.do?
action=downloadBinStart&caid=44914&cp=54_4000_100&zn=bto&filename=B7
129AAE

#Version:       6.11 

#Tested on:     win32 XP SP3 (spa)

#Summary:  
"DBServer.exe" and "DBTools.exe" are prone to local denial of service 
causing a NULL pointer Dereference. 
Correct manipulation of .4DC file format should to allow attackers exploit this
issue to crash application, denying service to legitimate users. Due to the
nature of this issue, attackers may be able to execute local arbitrary
code, but this has not been confirmed.

More details on author blog:

http://elotrolad0.blogspot.com/2010/09/hp-data-protector-media-operations-611.html

by r0i

PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14974.rar (HP_Data_Protector_Poc.rar)

Navigation

Suggest Exploit

Services By CQR