Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4162

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-4162
Last Modified 21 Jul 2012 11:31:26
Published 05 Dec 2011 06:55:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4162

Summary

The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.

Vulnerable Systems

Application

  • Hp Protecttools Device Access Manager 6.0.0.10

  • Hp Protecttools Device Access Manager 6.0.0.12

  • Hp Protecttools Device Access Manager 6.0.0.9


References

MISC - https://www.htbridge.ch/advisory/heap_memory_corruption_in_hp_device_access_manager_for_protect_tools_information_store.html

HP - HPSBHF02723

HP - SSRT100536

XF - hp-device-unspec-code-execution(71600)

HP - SSRT100795

HP - HPSBGN02750


Last Updated: 27 May 2016 10:57:26