CVE-2012-2019

HP Operations Agent <11.03.12 - RCE

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-2019. PoCs published by Metasploit, Luigi Auriemma, juan vazquez, including Metasploit module exploits/windows/misc/hp_operations_agent_coda_34.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow vulnerability in HP Operations Agent's coda.exe component via opcode 0x34. It includes SEH-based exploitation for Windows XP SP3 and ROP-based exploitation for Windows 2003 SP2, with DEP bypass capabilities.

Description

Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/22306

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow vulnerability in HP Operations Agent's coda.exe component via opcode 0x34. It includes SEH-based exploitation for Windows XP SP3 and ROP-based exploitation for Windows 2003 SP2, with DEP bypass capabilities.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Operations Agent 11.00

No auth needed

Prerequisites: Network access to coda.exe (default localhost only) · Random TCP port discovery via ping check

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Luigi Auriemma, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_operations_agent_coda_34.rb

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow vulnerability in HP Operations Agent's coda.exe (0x34 opcode) to achieve remote code execution. It includes SEH and ROP-based exploitation techniques for Windows XP SP3 and Windows 2003 SP2, with DEP bypass capabilities.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Operations Agent 11.00 (coda.exe)

No auth needed

Prerequisites: Network access to coda.exe (default localhost only) · Random TCP port must be identified or configured for remote access

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03397769

Scores

EPSS 0.6469

EPSS Percentile 99.1%

Details

Status published

Products (13)

hp/operations_agent 7.36

hp/operations_agent 8.51

hp/operations_agent 8.51.102

hp/operations_agent 8.52

hp/operations_agent 8.53

hp/operations_agent 8.60

hp/operations_agent 8.60.005

hp/operations_agent 8.60.006

hp/operations_agent 8.60.007

hp/operations_agent 8.60.7

... and 3 more

Published Jul 11, 2012

Tracked Since Feb 18, 2026