HP Intelligent Management Center is prone to an overflow condition. This issue is triggered when a boundary error occurs in iNOdeMngChecker.exe during the handling of 0x0A0BF007 packets, which will result in a stack-based buffer overflow. With a specially crafted packet, a remote attacker can potentially execute arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, HP has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

• Security Tracker: 1027430
• CVE ID: 2012-3254 (see also: NVD)
• Secunia Advisory ID: 50350
• Related OSVDB ID: 84857
• Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03473527
  http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473527&ac.admitted=1346385112193.876444892.492883150
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-12-163/

• Luigi Auriemma - Zero Day Initiative (ZDI)
• Anonymous - Zero Day Initiative (ZDI)