Vulnerabilities > CVE-2010-3007 - Unspecified vulnerability in HP Data Protector Express 3.1/3.5/4.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 10 |
Exploit-Db
| description | HP Data Protector DtbClsLogin Buffer Overflow. CVE-2010-3007. Remote exploit for windows platform |
| id | EDB-ID:23290 |
| last seen | 2016-02-02 |
| modified | 2012-12-11 |
| published | 2012-12-11 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/23290/ |
| title | HP Data Protector DtbClsLogin Buffer Overflow |
Metasploit
| description | This module exploits a stack buffer overflow in HP Data Protector 4.0 SP1. The overflow occurs during the login process, in the DtbClsLogin function provided by the dpwindtb.dll component, where the Utf8Cpy (strcpy like function) is used in an insecure way with the username. A successful exploitation will lead to code execution with the privileges of the "dpwinsdr.exe" (HP Data Protector Express Domain Server Service) process, which runs as SYSTEM by default. |
| id | MSF:EXPLOIT/WINDOWS/MISC/HP_DATAPROTECTOR_DTBCLSLOGIN |
| last seen | 2020-05-21 |
| modified | 2017-07-24 |
| published | 2012-12-11 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/hp_dataprotector_dtbclslogin.rb |
| title | HP Data Protector DtbClsLogin Buffer Overflow |
Nessus
| NASL family | Windows |
| NASL id | HP_DATA_PROTECTOR_EXP_MULTIPLE.NASL |
| description | HP Data Protector Express is installed on the remote host. The installed version of the software is affected by multiple remote vulnerabilities including a buffer overflow and a NULL pointer deference. An attacker could leverage these vulnerabilities to execute remote code or cause a denial of service attack on the affected host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 49645 |
| published | 2010-09-22 |
| reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/49645 |
| title | HP Data Protector Express < 4.x build 56906 / 3.x build 56936 Multiple Vulnerabilities |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/118776/hp_dataprotector_dtbclslogin.rb.txt |
| id | PACKETSTORM:118776 |
| last seen | 2016-12-05 |
| published | 2012-12-12 |
| reporter | AbdulAziz Hariri |
| source | https://packetstormsecurity.com/files/118776/HP-Data-Protector-DtbClsLogin-Buffer-Overflow.html |
| title | HP Data Protector DtbClsLogin Buffer Overflow |
Saint
| bid | 43105 |
| description | HP Data Protector Express DtbClsLogin function buffer overflow |
| osvdb | 67973 |
| title | hp_data_protector_express_dtbclslogin |
| type | remote |