PROBLEM:
HP IBRIX X9000 Storage Discloses Information to Remote Users
PLATFORM:
Version(s): IBRIX X9000; 6.1.196, 6.1.210, 6.1.228, 6.1.243, 6.1.247, 6.1.249, 6.1.251
ABSTRACT:
A potential security vulnerability has been identified with HP IBRIX X9000 Storage. The vulnerability could be remotely exploited to allow disclosure of information.
reference LINKS:
HP Security Bulletin: c03510876
SecurityTracker Alert ID: 1027590
CVE-2012-3266
IMPACT ASSESSMENT:
Medium
Discussion:
A remote user can create a specially crafted JLS-compressed image file that, when loaded by the target user, will trigger a heap overflow in the JLS plugin (xjpegls.dll) library and execute arbitrary code on the target system. The code will run with the privileges of the target user or application.
Impact:
A remote user can obtain potentially sensitive information and use that information to gain full control of the target device.