CVE-2011-4162

HP Protect Tools Device Access Manager <6.1.0.1 - RCE

Title source: llm

Description

The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge SA · htmldoswindows

https://www.exploit-db.com/exploits/36403

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://marc.info/?l=bugtraq&m=132284686204608&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=134152032516062&w=2

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/71600

[Exploit] https://www.htbridge.ch/advisory/heap_memory_corruption_in_hp_device_access_manager_for_protect_tools_information_store.html

Scores

EPSS 0.4176

EPSS Percentile 97.4%

Details

CWE

CWE-119

Status published

Products (3)

hp/protecttools_device_access_manager 6.0.0.9

hp/protecttools_device_access_manager 6.0.0.10

hp/protecttools_device_access_manager < 6.0.0.12

Published Dec 05, 2011

Tracked Since Feb 18, 2026