Vulnerabilities > CVE-2010-3007 - Unspecified vulnerability in HP Data Protector Express 3.1/3.5/4.0

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

nessus

exploit available

metasploit

NVD

Published: 2010-09-09

Updated: 2019-10-09

Summary

Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.

Vulnerable Configurations

Part	Description	Count
Application	Hp HP Data Protector Express 3.1 HP Data Protector Express 3.5 HP Data Protector Express 4.0	10

Exploit-Db

description	HP Data Protector DtbClsLogin Buffer Overflow. CVE-2010-3007. Remote exploit for windows platform
id	EDB-ID:23290
last seen	2016-02-02
modified	2012-12-11
published	2012-12-11
reporter	metasploit
source	https://www.exploit-db.com/download/23290/
title	HP Data Protector DtbClsLogin Buffer Overflow

Metasploit

description	This module exploits a stack buffer overflow in HP Data Protector 4.0 SP1. The overflow occurs during the login process, in the DtbClsLogin function provided by the dpwindtb.dll component, where the Utf8Cpy (strcpy like function) is used in an insecure way with the username. A successful exploitation will lead to code execution with the privileges of the "dpwinsdr.exe" (HP Data Protector Express Domain Server Service) process, which runs as SYSTEM by default.
id	MSF:EXPLOIT/WINDOWS/MISC/HP_DATAPROTECTOR_DTBCLSLOGIN
last seen	2020-05-21
modified	2017-07-24
published	2012-12-11
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3007 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02498535
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/hp_dataprotector_dtbclslogin.rb
title	HP Data Protector DtbClsLogin Buffer Overflow

Nessus

NASL family	Windows
NASL id	HP_DATA_PROTECTOR_EXP_MULTIPLE.NASL
description	HP Data Protector Express is installed on the remote host. The installed version of the software is affected by multiple remote vulnerabilities including a buffer overflow and a NULL pointer deference. An attacker could leverage these vulnerabilities to execute remote code or cause a denial of service attack on the affected host.
last seen	2020-06-01
modified	2020-06-02
plugin id	49645
published	2010-09-22
reporter	This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/49645
title	HP Data Protector Express < 4.x build 56906 / 3.x build 56936 Multiple Vulnerabilities

Packetstorm

data source	https://packetstormsecurity.com/files/download/118776/hp_dataprotector_dtbclslogin.rb.txt
id	PACKETSTORM:118776
last seen	2016-12-05
published	2012-12-12
reporter	AbdulAziz Hariri
source	https://packetstormsecurity.com/files/118776/HP-Data-Protector-DtbClsLogin-Buffer-Overflow.html
title	HP Data Protector DtbClsLogin Buffer Overflow

Saint

bid	43105
description	HP Data Protector Express DtbClsLogin function buffer overflow
osvdb	67973
title	hp_data_protector_express_dtbclslogin
type	remote

References

http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498535