Stack-based buffer overflow in HP Power Manager
CVE-2009-3999

Currently unrated

Key Information:

Vendor: HP
Status: Power Manager
Vendor: CVE Published:; 20 January 2010

What is CVE-2009-3999?

A stack-based buffer overflow exists in the goform/formExportDataLogs function within HP Power Manager, prior to version 4.2.10. This flaw enables remote attackers to execute arbitrary code by exploiting the vulnerability through a specially crafted long 'fileName' parameter. The issue poses a significant risk, allowing unauthorized manipulation of the system.

References

http://secunia.com/secunia_research/2009-47/

x_refsource_MISC

http://securityreason.com/securityalert/8482

third-party-advisoryx_refsource_SREASON

http://secunia.com/advisories/37280

third-party-advisoryx_refsource_SECUNIA

EPSS Score

73% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 20, 2010
Vulnerability Reserved
Nov 19, 2009