HP Device Access Manager for HP ProtectTools Heap Memory Corruption Vulnerability

Bugtraq ID:	50895
Class:	Boundary Condition Error
CVE:	CVE-2011-4162
Remote:	Yes
Local:	No
Published:	Dec 02 2011 12:00AM
Updated:	Jul 05 2012 11:40PM
Credit:	High-Tech Bridge SA Security Research Lab
Vulnerable:	HP Device Access Manager for HP ProtectTools 5.0.1 8 HP Device Access Manager for HP ProtectTools 6.0.0.12 HP Device Access Manager for HP ProtectTools 5.0.0.5
Not Vulnerable:	HP Device Access Manager for HP ProtectTools 5.0.1 9 HP Device Access Manager for HP ProtectTools 6.1.0.1

HP Device Access Manager for HP ProtectTools Heap Memory Corruption Vulnerability

HP Device Access Manager for HP ProtectTools is prone to a remote heap-memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

HP Device Access Manager for HP ProtectTools versions prior to 6.1.0.1 are vulnerable.

HP Device Access Manager for HP ProtectTools Heap Memory Corruption Vulnerability

The following proof-of-concept is available:

• /data/vulnerabilities/exploits/50895.html

HP Device Access Manager for HP ProtectTools Heap Memory Corruption Vulnerability

Solution:
Updates are available. Please see the references for more information.

HP Device Access Manager for HP ProtectTools Heap Memory Corruption Vulnerability

References:

• Device Access Manager for HP ProtectTools Homepage (HP)
  
• HPSBHF02723 SSRT100536 rev.1 - HP Protect Tools Device Access Manager for Window (HP)
  
• HTB23044: Heap Memory Corruption in HP Device Access Manager for Protect Tools I (High-Tech Bridge SA Security Research Lab)