Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAniway ([email protected])ZDI-11-147
HistoryApr 29, 2011 - 12:00 a.m.

HP Data Protector Backup Client Service EXEC_INTEGUTIL Remote Code Execution Vulnerability

2011-04-2900:00:00
Aniway ([email protected])
www.zerodayinitiative.com
9

0.871 High

EPSS

Percentile

98.6%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP OpenView Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555 for communications between systems in the cell. The process has insufficient bounds checking on user-supplied data in a fixed-length buffer on the stack. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed EXEC_INTEGUTIL message packets to the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

Related

cve 1
nvd 1
cvelist 1
prion 1
securityvulns 2
nessus 1
cve
cve
CVE-2011-1731
2011-05-07 19:55:01
nvd
nvd
CVE-2011-1731
2011-05-07 19:55:01
cvelist
cvelist
CVE-2011-1731
2011-05-07 19:00:00
prion
prion
Stack overflow
2011-05-07 19:55:00
securityvulns
securityvulns
ZDI-11-147: HP Data Protector Backup Client Service EXEC_INTEGUTIL Remote Code Execution Vulnerability
2011-05-01 00:00:00
HP Data Protector multiple security vulnerabilities
2011-05-01 00:00:00
nessus
nessus
HP Data Protector < A.06.20 Multiple Vulnerabilities
2011-05-10 00:00:00

0.871 High

EPSS

Percentile

98.6%

JSON
Related for ZDI-11-147
cve1nvd1cvelist1prion1securityvulns2nessus1