Remote Code Execution Vulnerability in HP OpenView Storage Data Protector
CVE-2011-1729

Currently unrated

Key Information:

Vendor: HP
Status: Openview Storage Data Protector
Vendor: CVE Published:; 7 May 2011

Summary

A stack-based buffer overflow vulnerability exists in OmniInet.exe within the Backup Client Service of HP OpenView Storage Data Protector versions 6.00 through 6.11. This vulnerability can be exploited by remote attackers to execute arbitrary code on the affected system. The exploit is triggered via a malformed GET_FILE message, which can lead to unauthorized access and potential system compromise.

References

http://zerodayinitiative.com/advisories/ZDI-11-145/

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/67202

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/47638

vdb-entryx_refsource_BID

EPSS Score

43% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 7, 2011
Vulnerability Reserved
Apr 19, 2011