Remote Code Execution Vulnerability in HP Intelligent Management Center
CVE-2011-1867

Currently unrated

Key Information:

Vendor: HP
Status: User Access Manager; Endpoint Admission Defense; Intelligent Management Center
Vendor: CVE Published:; 11 July 2011

Summary

A buffer overflow in the iNodeMngChecker.exe component of the HP Intelligent Management Center allows remote attackers to send specially crafted packets (0x0A0BF007) that can lead to arbitrary code execution. Systems using User Access Manager and Endpoint Admission Defense prior to specified service pack versions are particularly at risk. This vulnerability can be exploited by attackers to potentially gain unauthorized access and control over affected systems.

References

http://www.zerodayinitiative.com/advisories/ZDI-11-232/

x_refsource_MISC

http://www.securityfocus.com/bid/48527

vdb-entryx_refsource_BID

http://www.osvdb.org/73597

vdb-entryx_refsource_OSVDB

EPSS Score

45% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 11, 2011
Vulnerability Reserved
May 3, 2011