_2 == cve-2009-3844

git-svn-id: file:///home/svn/framework3/trunk@8078 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-06 20:01:08 +00:00 · 2010-01-06 20:01:08 +00:00 · 75ff9d327a
parent 3a9b384554
commit 75ff9d327a
1 changed files with 8 additions and 7 deletions
--- a/modules/exploits/windows/misc/hp_omniinet_2.rb
+++ b/modules/exploits/windows/misc/hp_omniinet_2.rb
@ -30,7 +30,12 @@ class Metasploit3 < Msf::Exploit::Remote

 				This service is installed with HP OpenView Data Protector, HP Application
 				Recovery Manager and potentially other products. This exploit has been tested
-				against versions 6.1, 6.0, and 5.50 of Data Protecter.
+				against versions 6.1, 6.0, and 5.50 of Data Protecter. and versions 6.0 and 6.1
+				of Application Recovery Manager.
+
+				NOTE: There are actually two consecutive wcscpy() calls in the program (which
+				may be why ZDI considered them two separate issues). However, this module only
+			   exploits the second one.
 			},
 			'Author'         =>
 				[
@ -41,14 +46,10 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Version'        => '$Revision$',
 			'References'     =>
 				[
-					[ 'OSVDB', '60852' ],
-					[ 'OSVDB', '61205' ],
 					[ 'CVE', '2009-3844' ],
-					[ 'CVE', '2007-2280' ],
 					[ 'BID', '37250' ],
-					[ 'BID', '37396' ],
-					[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-091' ],
-					[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-099' ]
+					[ 'OSVDB', '60852' ],
+					[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-09-091' ]
 				],
 			'Privileged'     => true,
 			'DefaultOptions' =>