CVE-2012-0407

EMC Data Protection Advisor 5.5-5.8 SP1 - Denial of Service via Integer Overflow in DPA_Utilities Library

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0407. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The exploit demonstrates two vulnerabilities in EMC Data Protection Advisor: a NULL pointer dereference in the AUTHENTICATECONNECTION command and a CPU exhaustion DoS via a negative 64-bit size field. Both can be triggered remotely on ports 3916 and 4001.

Description

Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Luigi Auriemma · textdoshardware
https://www.exploit-db.com/exploits/18688

The exploit demonstrates two vulnerabilities in EMC Data Protection Advisor: a NULL pointer dereference in the AUTHENTICATECONNECTION command and a CPU exhaustion DoS via a negative 64-bit size field. Both can be triggered remotely on ports 3916 and 4001.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: EMC Data Protection Advisor <= 5.8.1
No auth needed
Prerequisites: Network access to ports 3916 or 4001
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/522408/30/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18688/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026956
Third Party Advisory x_refsource_misc
http://aluigi.altervista.org/adv/dpa_1-adv.txt

Scores

EPSS 0.0321
EPSS Percentile 86.6%

Details

CWE
CWE-189
Status published
Products (4)
emc/data_protection_advisor 5.5 (2 CPE variants)
emc/data_protection_advisor 5.6 (2 CPE variants)
emc/data_protection_advisor 5.7 (2 CPE variants)
emc/data_protection_advisor 5.8 (2 CPE variants)
Published Apr 20, 2012
Tracked Since Feb 18, 2026