CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.5%
Added: 01/08/2010
CVE: CVE-2009-3844
BID: 37250
OSVDB: 60852
HP OpenView Application Recovery Manager is a backup solution for business application data.
A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted MSG_PROTOCOL request to the OmniInet process.
Apply the patch referenced in HPSBMA02481 SSRT090113.
<http://www.zerodayinitiative.com/advisories/ZDI-09-091/>
Exploit works on HP OpenView Data Protector 5.5 on Windows Server 2003 SP2 English with patch KB933729.
Windows Server 2003