HP Intelligent Management Center is prone to an overflow condition. The img.exe component fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted packet, a remote attacker can potentially execute arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, HP has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

• Security Tracker: 1027431
• CVE ID: 2012-3253 (see also: NVD)
• Secunia Advisory ID: 50328
• Related OSVDB ID: 84856
• Vendor URL: http://h17007.www1.hp.com/us/en/products/network-management/IMC_ES_Platform/index.aspx
• Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03473459
  http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473459
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-12-164/

• gwslabs.com - Zero Day Initiative (ZDI)