| CVE ID | CVE-2013-6189 |
| CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
| AFFECTED VENDORS |
Hewlett-Packard |
| AFFECTED PRODUCTS |
Application Information Optimizer |
| VULNERABILITY DETAILS |
The specific flaw exists within oasoa.exe which listens by default on port 19988. A stack-based vulnerability can be triggered when a certain opcode byte is not in the right range. Arbitrary data can be copied to the stack and an attacker may be able to leverage this vulnerability into remote execution of arbitrary code as SYSTEM. |
| ADDITIONAL DETAILS |
Hewlett-Packard has issued an update to correct this vulnerability. More details can be found at:
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04041078-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken |
| DISCLOSURE TIMELINE |
|
| CREDIT | Aniway.Anyway@gmail.com |
