TippingPoint Zero Day Initiative

EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Remote Code Execution Vulnerability

ZDI-11-236: July 18th, 2011


CVSS Score

Affected Vendors

Affected Products

TippingPoint™ IPS Customer Protection

TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 11443. For further product information on the TippingPoint IPS:

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Documentum eRoom Indexing Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the bundled implementation of OpenText's HummingBird Connector. When parsing a particular packet received from a TCP connection, the application will attempt to copy part of the packet's contents into a buffer located on the stack. Due to not completely accommodating for the size of the data in the packet, the application will overwrite variables positioned after the buffer. This can lead to code execution under the context of the server.

Vendor Response

EMC has issued an update to correct this vulnerability. More details can be found at:

Disclosure Timeline

    2011-01-21 - Vulnerability reported to vendor
    2011-07-18 - Coordinated public release of advisory


This vulnerability was discovered by:
    Stephen Fewer of Harmony Security (www.harmonysecurity.com)