CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.965 High
Percentile: 99.6%
Added: 03/03/2011
CVE: CVE-2011-0922
BID: 46234
OSVDB: 72525
HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments.
The backup agent provided by the Data Protector Backup Client Service may be instructed to execute a setup file from an SMB share. However, the agent does not perform any validation of the setup file. An attacker may connect to the backup agent and instruct it to execute an executable of their choice.
Upgrade as directed in HP Security Bulletin HPSBMA02654 SSRT100441 and enable encrypted control communication services.
<http://zerodayinitiative.com/advisories/ZDI-11-056/>
<http://secunia.com/advisories/43202/>
This exploit works against HP Data Protector 6.11 running on Microsoft Windows Server 2003 SP2 English (DEP OptOut).
The executable smbclient must be available on the exploit server, and a valid SMB user with permission to write to the SMB share is required. The SMB password is not allowed to contain single quotes (').
Windows