CVE-2012-2020

HP Operations Agent <11.03.12 - RCE

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-2020. PoCs published by Metasploit, Luigi Auriemma, juan vazquez, including Metasploit module exploits/windows/misc/hp_operations_agent_coda_8c.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow vulnerability in HP Operations Agent's coda.exe component via opcode 0x8c, achieving remote code execution. It includes SEH and ROP-based exploitation techniques for Windows XP SP3 and Windows 2003 SP2.

Description

Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/22305

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow vulnerability in HP Operations Agent's coda.exe component via opcode 0x8c, achieving remote code execution. It includes SEH and ROP-based exploitation techniques for Windows XP SP3 and Windows 2003 SP2.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Operations Agent 11.00

No auth needed

Prerequisites: Network access to coda.exe (default localhost only) · Target running HP Operations Agent 11.00

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Luigi Auriemma, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_operations_agent_coda_8c.rb

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow vulnerability in HP Operations Agent's coda.exe (0x8c opcode) to achieve remote code execution. It includes SEH and ROP-based exploitation techniques for Windows XP SP3 and Windows 2003 SP2, with a check function for target reconnaissance.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Operations Agent 11.00 (coda.exe)

No auth needed

Prerequisites: Network access to coda.exe (default localhost only) · Target running HP Operations Agent 11.00

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03397769

Scores

EPSS 0.6469

EPSS Percentile 99.1%

Details

Status published

Products (13)

hp/operations_agent 7.36

hp/operations_agent 8.51

hp/operations_agent 8.51.102

hp/operations_agent 8.52

hp/operations_agent 8.53

hp/operations_agent 8.60

hp/operations_agent 8.60.005

hp/operations_agent 8.60.006

hp/operations_agent 8.60.007

hp/operations_agent 8.60.7

... and 3 more

Published Jul 11, 2012

Tracked Since Feb 18, 2026