HP OpenView Storage Data Protector Cell Manager 'crs.exe' Remote Code Execution Vulnerability

HP OpenView Storage Data Protector is prone to a remote code-execution vulnerability that affects the Cell Manager component because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise an affected computer.

The issue affects HP OpenView Storage Data Protector version 6.11 running on HP-UX, Solaris, Linux, and Windows.


 

Privacy Statement
Copyright 2010, SecurityFocus