CVE-2010-3007
published 2010-09-09CVE-2010-3007: Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build…
PriorityP336high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
5.06%
91.2th percentile
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | data_protector_express | — | — |
| hp | data_protector_express | — | — |
| hp | data_protector_express | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fhc7-65vq-vxh4: Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3
ghsa_unreviewed·2022-05-13·CVSS 7.2
CVE-2010-3008 [HIGH] GHSA-fhc7-65vq-vxh4: Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007.
GHSA
GHSA-89jp-7f7p-29p6: Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3
ghsa_unreviewed·2022-05-13
CVE-2010-3007 [HIGH] GHSA-89jp-7f7p-29p6: Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.
No detection rules found.
Exploit-DB
HP Data Protector - DtbClsLogin Buffer Overflow (Metasploit)
exploitdb·2012-12-11
CVE-2010-3007 HP Data Protector - DtbClsLogin Buffer Overflow (Metasploit)
HP Data Protector - DtbClsLogin Buffer Overflow (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'HP Data Protector DtbClsLogin Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in HP Data Protector 4.0 SP1. The
overflow occurs during the login process, in the DtbClsLogin function provided by
the dpwindtb.dll component, where the Utf8Cpy (strcpy like function) is used in an
insecure way with the username. A successful exploitation will lead to code execution
with the privileges of the "dpwinsdr.e
Metasploit
HP Data Protector DtbClsLogin Buffer Overflow
metasploit
HP Data Protector DtbClsLogin Buffer Overflow
HP Data Protector DtbClsLogin Buffer Overflow
This module exploits a stack buffer overflow in HP Data Protector 4.0 SP1. The overflow occurs during the login process, in the DtbClsLogin function provided by the dpwindtb.dll component, where the Utf8Cpy (strcpy like function) is used in an insecure way with the username. A successful exploitation will lead to code execution with the privileges of the "dpwinsdr.exe" (HP Data Protector Express Domain Server Service) process, which runs as SYSTEM by default.
No writeups or analysis indexed.
2010-09-09
Published