Stack-based Buffer Overflow in HP Power Manager Affects Remote Access Security
CVE-2010-4113

Currently unrated

Key Information:

Vendor: HP
Status: Power Manager
Vendor: CVE Published:; 22 December 2010

Summary

A stack-based buffer overflow vulnerability exists in HP Power Manager before version 4.3.2. This flaw allows remote attackers to exploit the management web server by sending specially crafted requests that include a long Login variable. Successful exploitation may result in arbitrary code execution, potentially compromising system integrity and confidentiality.

References

http://www.securitytracker.com/id?1024902

vdb-entryx_refsource_SECTRACK

http://marc.info/?l=bugtraq&m=129251322532373&w=2

vendor-advisoryx_refsource_HP

http://www.zerodayinitiative.com/advisories/ZDI-10-292/

x_refsource_MISC

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 22, 2010
Vulnerability Reserved
Oct 27, 2010