CVE-2011-4162 Information

Description

The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.

Reference

http://marc.info/?l=bugtraq&m=132284686204608&w=2
http://marc.info/?l=bugtraq&m=134152032516062&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/71600
https://www.htbridge.ch/advisory/heap_memory_corruption_in_hp_device_access_manager_for_protect_tools_information_store.html
