HP Data Protector Media Operations 6.11 - Multiple Modules NULL Pointer Dereference DoS



#Exploit Title: HP Data Protector Media Operations 6.11 Multiple NULL Pointer Dereference Local DoS (0day)

   
#Date:          11/09/2010   

#Author:        d0lc3   d0lc3x[at]gmail[dom]com 

#Author Link:   http://elotrolad0.blogspot.com/  

#Software Link:    (trial) https://h10078.www1.hp.com/cda/hpdc/navigation.do?
action=downloadBinStart&caid=44914&cp=54_4000_100&zn=bto&filename=B7
129AAE

#Version:       6.11 

#Tested on:     win32 XP SP3 (spa)

#Summary:  
"DBServer.exe" and "DBTools.exe" are prone to local denial of service 
causing a NULL pointer Dereference. 
Correct manipulation of .4DC file format should to allow attackers exploit this
issue to crash application, denying service to legitimate users. Due to the
nature of this issue, attackers may be able to execute local arbitrary
code, but this has not been confirmed.

More details on author blog:

http://elotrolad0.blogspot.com/2010/09/hp-data-protector-media-operations-611.html

by r0i

PoC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/14974.rar (HP_Data_Protector_Poc.rar)