Summary
This host is installed with HP iNode Management Center and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code under the context of the SYSTEM user which results in stack-based buffer overflow.
Impact Level: System/Application
Solution
Apply the patch from below link,
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473527
Insight
The flaws are present due to error in the iNOdeMngChecker.exe component which fails to handle the user supplied crafted 0x0A0BF007 packet.
Affected
HP iNode Management Center iNode PC 5.1 E0303 and prior
References
- http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473527
- http://secunia.com/advisories/50350/
- http://telussecuritylabs.com/threats/show/TSL20120822-08
- http://www.securityfocus.com/archive/1/523984
- http://zerodayinitiative.com/advisories/ZDI-12-163/
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-3254 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities June-2012 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)
- Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)