Published: 11/07/2012 Updated: 09/10/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Unspecified vulnerability in HP Operations Agent prior to 11.03.12 allows remote malicious users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

hp operations agent

hp operations agent 8.51

hp operations agent 8.60.006

hp operations agent 8.60.008

hp operations agent 8.52

hp operations agent 8.53

hp operations agent 8.60

hp operations agent 8.60.005

hp operations agent 8.51.102

hp operations agent 8.60.7

hp operations agent 7.36

hp operations agent 8.60.501

hp operations agent 8.60.007


## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::R ...

Metasploit Modules

HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow

This module exploits a buffer overflow vulnerability in HP Operations Agent for Windows. The vulnerability exists in the HP Software Performance Core Program component (coda.exe) when parsing requests for the 0x8c opcode. This module has been tested successfully on HP Operations Agent 11.00 over Windows XP SP3 and Windows 2003 SP2 (DEP bypass). The coda.exe components runs only for localhost by default, network access must be granted through its configuration to be remotely exploitable. On the other hand it runs on a random TCP port, to make easier reconnaissance a check function is provided.

msf > use exploit/windows/misc/hp_operations_agent_coda_8c
      msf exploit(hp_operations_agent_coda_8c) > show targets
      msf exploit(hp_operations_agent_coda_8c) > set TARGET <target-id>
      msf exploit(hp_operations_agent_coda_8c) > show options
   and set options...
      msf exploit(hp_operations_agent_coda_8c) > exploit