U-275: HP IBRIX X9000 Storage Discloses Information to Remote Users

October 5, 2012 - 6:00am

PROBLEM:

HP IBRIX X9000 Storage Discloses Information to Remote Users

PLATFORM:

Version(s): IBRIX X9000; 6.1.196, 6.1.210, 6.1.228, 6.1.243, 6.1.247, 6.1.249, 6.1.251

ABSTRACT:

A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information.

REFERENCE LINKS:

HP Security Bulletin: c03510876
SecurityTracker Alert ID: 1027590
CVE-2012-3266

IMPACT ASSESSMENT:

Medium

Discussion:

A remote user can create a specially crafted JLS-compressed image file that, when loaded by the target user, will trigger a heap overflow in the JLS plugin (xjpegls.dll) library and execute arbitrary code on the target system. The code will run with the privileges of the target user or application.

Impact:

A remote user can obtain potentially sensitive information and use that information to gain full control of the target device.

Solution:

The vendor has issued a fix (6.1.260).
