Izdana je nadogradnja paketa HP iNode Intelligent Client koja rješava propust kojeg su zlonamjerni korisnici mogli iskoristiti za pokretanje proizvoljnog programskog koda sa SYSTEM ovlastima.

HP iNode Intelligent Client iNOdeMngChecker.exe Buffer Overflow
Secunia Advisory 	SA50350 	
Release Date 	2012-08-30

Criticality level 	Moderately criticalModerately critical
Impact 	System access
Where 	From local network
Authentication level 	Available in Customer Area
  	 
Report reliability 	Available in Customer Area
Solution Status 	Vendor Patch
  	 
Systems affected 	Available in Customer Area
Approve distribution 	Available in Customer Area
  	 
Software:	
	HP iNode Intelligent Client (iNode PC) 5.x

Secunia CVSS Score 	Available in Customer Area
CVE Reference(s) 	CVE-2012-3254 CVSS available in Customer Area
	   	

Description

A vulnerability has been reported in HP iNode Intelligent Client, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in iNOdeMngChecker.exe when handling packets of type 0x0A0BF007 and can be exploited to cause a stack-based buffer overflow.

Successful exploitation allows execution of arbitrary code with SYSTEM privileges.

The vulnerability is reported in versions prior to 5.1 Patch Kit E0304.

Solution
Apply Patch Kit E0304.

Provided and/or discovered by
An anonymous person and Luigi Auriemma via ZDI.

Original Advisory
HPSB3C02809 SSRT100377:
http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473527