Buffer overflow in Hp Openview_storage_data_protector

CVE-2011-1735

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed bm message.

Vulnerability class: Buffer Overflow

EPSS: 0.517 (98.0th percentile) — read the EPSS interpretation.

Affected products

Hp Openview_storage_data_protector — versions 6.00, 6.10, 6.11
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

hp-security-alert@hp.com (x_refsource_MISC)
openview-code-execution(67208) (vdb-entry, x_refsource_XF)
20110429 ZDI-11-151: HP Data Protector Backup Client Service bm Message Processing Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)
47638 (vdb-entry, x_refsource_BID)
72194 (x_refsource_OSVDB, vdb-entry)
HPSBMA02668 (x_refsource_HP, vendor-advisory)
44402 (x_refsource_SECUNIA, third-party-advisory)
1025454 (vdb-entry, x_refsource_SECTRACK)