Vulnerabilities > CVE-2012-2019 - Unspecified vulnerability in HP Operations Agent

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

critical

exploit available

metasploit

NVD

Published: 2012-07-11

Updated: 2019-10-09

Summary

Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.

Vulnerable Configurations

Part	Description	Count
Application	Hp HP Operations Agent 7.36 HP Operations Agent 8.51 HP Operations Agent 8.51.102 HP Operations Agent 8.52 HP Operations Agent 8.53 HP Operations Agent 8.60 HP Operations Agent 8.60.005 HP Operations Agent 8.60.006 HP Operations Agent 8.60.007 HP Operations Agent 8.60.7 HP Operations Agent 8.60.008 HP Operations Agent 8.60.501 HP Operations Agent 11.0	13

Exploit-Db

description	HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow. CVE-2012-2019. Remote exploit for windows platform
id	EDB-ID:22306
last seen	2016-02-02
modified	2012-10-29
published	2012-10-29
reporter	metasploit
source	https://www.exploit-db.com/download/22306/
title	HP Operations Agent - Opcode coda.exe 0x34 Buffer Overflow

Metasploit

description	This module exploits a buffer overflow vulnerability in HP Operations Agent for Windows. The vulnerability exists in the HP Software Performance Core Program component (coda.exe) when parsing requests for the 0x34 opcode. This module has been tested successfully on HP Operations Agent 11.00 over Windows XP SP3 and Windows 2003 SP2 (DEP bypass). The coda.exe components runs only for localhost by default, network access must be granted through its configuration to be remotely exploitable. On the other hand it runs on a random TCP port, to make easier reconnaissance a check function is provided.
id	MSF:EXPLOIT/WINDOWS/MISC/HP_OPERATIONS_AGENT_CODA_34
last seen	2020-03-18
modified	2017-07-24
published	2012-10-27
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2019
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/misc/hp_operations_agent_coda_34.rb
title	HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow

Packetstorm

data source	https://packetstormsecurity.com/files/download/117729/hp_operations_agent_coda_34.rb.txt
id	PACKETSTORM:117729
last seen	2016-12-05
published	2012-10-28
reporter	Luigi Auriemma
source	https://packetstormsecurity.com/files/117729/HP-Operations-Agent-Opcode-coda.exe-0x34-Buffer-Overflow.html
title	HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow

Saint

bid	54362
description	HP Operations Agent Opcode 0x34 vulnerability
id	misc_hpoperationsagentver
osvdb	83673
title	hp_operations_agent_opcode_34
type	remote

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03397769