Vulnerability Details CVE-2011-4162
The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.225
EPSS Ranking 95.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=132284686204608&w=2
- http://marc.info/?l=bugtraq&m=132284686204608&w=2
- http://marc.info/?l=bugtraq&m=134152032516062&w=2
- http://marc.info/?l=bugtraq&m=134152032516062&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71600
- https://www.htbridge.ch/advisory/heap_memory_corruption_in_hp_device_access_manager_for_protect_tools_information_store.html
- http://marc.info/?l=bugtraq&m=132284686204608&w=2
- http://marc.info/?l=bugtraq&m=132284686204608&w=2
- http://marc.info/?l=bugtraq&m=134152032516062&w=2
- http://marc.info/?l=bugtraq&m=134152032516062&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71600
- https://www.htbridge.ch/advisory/heap_memory_corruption_in_hp_device_access_manager_for_protect_tools_information_store.html
Products affected by CVE-2011-4162
-
cpe:2.3:a:hp:protecttools_device_access_manager:*
-
cpe:2.3:a:hp:protecttools_device_access_manager:6.0.0.10
-
cpe:2.3:a:hp:protecttools_device_access_manager:6.0.0.9