CVE-2012-3274 : Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) componen

Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data.

Published 2012-12-06 11:45:47

Updated 2025-04-11 00:51:22

Source HP Inc.

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2012-3274

HP » Intelligent Management Center
Versions up to, including, (<=) 5.1
cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*
Matching versions
HP » Intelligent Management Center » Version: 5.0 Update E0101l01
cpe:2.3:a:hp:intelligent_management_center:5.0:e0101l01:*:*:*:*:*:*
Matching versions
HP » Intelligent Management Center » Version: 5.0 Update E0101
cpe:2.3:a:hp:intelligent_management_center:5.0:e0101:*:*:*:*:*:*
Matching versions
HP » Intelligent Management Center » Version: 5.0
cpe:2.3:a:hp:intelligent_management_center:5.0:*:*:*:*:*:*:*
Matching versions
HP » Intelligent Management Center » Version: 5.0 Update E0101h03
cpe:2.3:a:hp:intelligent_management_center:5.0:e0101h03:*:*:*:*:*:*
Matching versions
HP » Intelligent Management Center » Version: 5.0 Update E0101l02
cpe:2.3:a:hp:intelligent_management_center:5.0:e0101l02:*:*:*:*:*:*
Matching versions
HP » Intelligent Management Center » Version: 5.0 Update E0101h04
cpe:2.3:a:hp:intelligent_management_center:5.0:e0101h04:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-3274

EPSS FAQ

71.00%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2012-3274

HP Intelligent Management Center UAM Buffer Overflow

Disclosure Date: 2012-08-29

First seen: 2020-04-26

exploit/windows/misc/hp_imc_uam

This module exploits a remote buffer overflow in HP Intelligent Management Center UAM. The vulnerability exists in the uam.exe component, when using sprint in a insecure way for logging purposes. The vulnerability can be triggered by sending a malformed packet to the

More information

CVSS scores for CVE-2012-3274

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-3274

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-3274

https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03589863

HP Support for Technical Help and Troubleshooting | HP® Customer Service.
http://zerodayinitiative.com/advisories/ZDI-12-171/

ZDI-12-171 | Zero Day Initiative

Jump to