Summary
This host is installed with HP iNode Management Center and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code under the context of the SYSTEM user which results in stack-based buffer overflow.
Impact Level: System/Application
Solution
Apply the patch from below link,
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473527
Insight
The flaws are present due to error in the iNOdeMngChecker.exe component which fails to handle the user supplied crafted 0x0A0BF007 packet.
Affected
HP iNode Management Center iNode PC 5.1 E0303 and prior
References
- http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473527
- http://secunia.com/advisories/50350/
- http://telussecuritylabs.com/threats/show/TSL20120822-08
- http://www.securityfocus.com/archive/1/523984
- http://zerodayinitiative.com/advisories/ZDI-12-163/
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-3254 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
- Adobe Acrobat Remote Code Execution Vulnerability(Win)
- Adobe AIR Multiple Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)
- Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)