CVE-2011-3162

Related Files

Zero Day Initiative Advisory 11-321

Posted Nov 8, 2011

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-321 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method FinishedCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

tags | advisory, remote, web, arbitrary, tcp

advisories | CVE-2011-3162

SHA-256 | 6bcd7459335c9a7f66cc29ce7e4dc243db4ff465bd47ad13d99aba40151ce33c

Download | Favorite | View

HP Security Bulletin HPSBMU02716 SSRT100651

Posted Oct 20, 2011

Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02716 SSRT100651 - Potential security vulnerabilities has been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely exploited to allow execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability

advisories | CVE-2011-3156, CVE-2011-3157, CVE-2011-3158, CVE-2011-3159, CVE-2011-3160, CVE-2011-3161, CVE-2011-3162

SHA-256 | b7853ac47e9218a7955989ca50fa8ca63e277aa9d5506ea37926e5b1dba524da

Download | Favorite | View