CVE-2009-0714

Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01697543	Vendor Advisory
http://secunia.com/advisories/35084	Third Party Advisory
http://www.securitytracker.com/id?1022220	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/1309	Third Party Advisory
http://www.securityfocus.com/bid/34955	Third Party Advisory VDB Entry
http://ivizsecurity.com/security-advisory-iviz-sr-09002.html	Broken Link
https://www.exploit-db.com/exploits/9007	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/9006	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:microsoft:windows::::::::
	cpe:2.3:o:novell:netware::::::::
	cpe:2.3:o:redhat:linux::::::::
	cpe:2.3:o:suse:suse_linux:-:::::::*

OR	cpe:2.3:a:hp:data_protector_express:3.5:sp2::::::
	cpe:2.3:a:hp:data_protector_express:3.5:sp2:::sse:::*
	cpe:2.3:a:hp:data_protector_express:4.0:sp1::::::
	cpe:2.3:a:hp:data_protector_express:4.0:sp1:::sse:::*
	cpe:2.3:a:hp:data_protector_express:3.5:sp1::::::

Information

Published : 2009-05-14 10:30

Updated : 2019-10-09 15:58

NVD link : CVE-2009-0714

Mitre link : CVE-2009-0714

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

microsoft

windows

data_protector_express

redhat

linux

suse

suse_linux

novell

netware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01697543", "name": "HPSBMA02417", "tags": ["Vendor Advisory"], "refsource": "HP"}, {"url": "http://secunia.com/advisories/35084", "name": "35084", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1022220", "name": "1022220", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2009/1309", "name": "ADV-2009-1309", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/bid/34955", "name": "34955", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://ivizsecurity.com/security-advisory-iviz-sr-09002.html", "name": "http://ivizsecurity.com/security-advisory-iviz-sr-09002.html", "tags": ["Broken Link"], "refsource": "MISC"}, {"url": "https://www.exploit-db.com/exploits/9007", "name": "9007", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "EXPLOIT-DB"}, {"url": "https://www.exploit-db.com/exploits/9006", "name": "9006", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-0714", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-05-14T17:30Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:novell:netware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:suse:suse_linux:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.5:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.5:sp2:*:*:sse:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:4.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:4.0:sp1:*:*:sse:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hp:data_protector_express:3.5:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-09T22:58Z"}

7.2 /10