HP IBRIX X9000 Storage Discloses Information to Remote Users
Version(s): IBRIX X9000; 6.1.196, 6.1.210, 6.1.228, 6.1.243, 6.1.247, 6.1.249, 6.1.251
A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information.
A remote user can create a specially crafted JLS-compressed image file that, when loaded by the target user, will trigger a heap overflow in the JLS plugin (xjpegls.dll) library and execute arbitrary code on the target system. The code will run with the privileges of the target user or application.
A remote user can obtain potentially sensitive information and use that information to gain full control of the target device.