EMC AlphaStor Command Injection and Format String Flaws Let Remote Users Execute Arbitrary Code
EMC AlphaStor 4.0 prior to build 800 (All platforms)
Two vulnerabilities were reported in EMC AlphaStor.
A remote user can send a specially crafted DCP run command to inject commands and cause the Device Manager (rrobotd.exe) to execute arbitrary code on the target system [CVE-2013-0928].
A remote user can send specially crafted commands to trigger a format string flaw in a _vsnsprintf() function in the Device Manager and execute arbitrary code on the target system [CVE-2013-0929].
A remote user can execute arbitrary code on the target system.
The vendor has issued a fix (4.0 build 800).