CVE ID | |
CVSS SCORE | 5.1, AV:N/AC:H/Au:N/C:P/I:P/A:P |
AFFECTED VENDORS |
Hewlett-Packard |
AFFECTED PRODUCTS |
Data Protector |
TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['13791']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
VULNERABILITY DETAILS |
The specific flaw exists within omnidlc.exe which can be called via crs.exe. The issue lies in the failure to properly validate the size of a string before copying it into a fixed-sized buffer. A remote attacker can chain this with another vulnerability to execute remote code under the context of the user running Data Protector. |
ADDITIONAL DETAILS |
03/26/2014 - ZDI disclosed to vendor Mitigation:
|
DISCLOSURE TIMELINE |
|
CREDIT | Aniway.Anyway@gmail.com |