31 lines
No EOL
1.1 KiB
Text
31 lines
No EOL
1.1 KiB
Text
#Exploit Title: HP Data Protector Media Operations 6.11 Multiple NULL Pointer Dereference Local DoS (0day)
|
|
|
|
#Date: 11/09/2010
|
|
|
|
#Author: d0lc3 d0lc3x[at]gmail[dom]com
|
|
|
|
#Author Link: http://elotrolad0.blogspot.com/
|
|
|
|
#Software Link: (trial) https://h10078.www1.hp.com/cda/hpdc/navigation.do?
|
|
action=downloadBinStart&caid=44914&cp=54_4000_100&zn=bto&filename=B7
|
|
129AAE
|
|
|
|
#Version: 6.11
|
|
|
|
#Tested on: win32 XP SP3 (spa)
|
|
|
|
#Summary:
|
|
"DBServer.exe" and "DBTools.exe" are prone to local denial of service
|
|
causing a NULL pointer Dereference.
|
|
Correct manipulation of .4DC file format should to allow attackers exploit this
|
|
issue to crash application, denying service to legitimate users. Due to the
|
|
nature of this issue, attackers may be able to execute local arbitrary
|
|
code, but this has not been confirmed.
|
|
|
|
More details on author blog:
|
|
|
|
http://elotrolad0.blogspot.com/2010/09/hp-data-protector-media-operations-611.html
|
|
|
|
by r0i
|
|
|
|
PoC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/14974.rar (HP_Data_Protector_Poc.rar) |