Wednesday, 9 December 2009

HP Application Recovery Manager Stack Buffer Overflow Vulnerability

TippingPoint's Zero Day Initiative (ZDI) has published an advisory for a remote, pre-authentication stack buffer overflow vulnerability in the Hewlett-Packard Application Recovery Manager, which leads to arbitrary code execution. This vulnerability was discovered by Stephen Fewer of Harmony Security.

You can read the full ZDI advisory here:

And the HP advisory here:

Interestingly, HP reports this only as a remote denial-of-service vulnerability, while both ZDI and Harmony Security have confirmed it as a remote code execution vulnerability.