Vulnerability Details : CVE-2011-1865
Public exploit exists!
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2011-1865
Probability of exploitation activity in the next 30 days: 95.49%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2011-1865
-
HP OmniInet.exe Opcode 27 Buffer Overflow
Disclosure Date: 2011-06-29First seen: 2020-04-26exploit/windows/misc/hp_omniinet_3This module exploits a buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted opcode 27 packet, a remote attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com> -
HP OmniInet.exe Opcode 20 Buffer Overflow
Disclosure Date: 2011-06-29First seen: 2020-04-26exploit/windows/misc/hp_omniinet_4This module exploits a vulnerability found in HP Data Protector's OmniInet process. By supplying a long string of data as the file path with opcode '20', a buffer overflow can occur when this data is being written on the stack where no proper bounds checking is do
CVSS scores for CVE-2011-1865
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2011-1865
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1865
-
http://www.exploit-db.com/exploits/17458
HP Data Protector 6.20 - Multiple Vulnerabilities - Windows dos Exploit
-
http://securityreason.com/securityalert/8295
HP OmniInet.exe Opcode 20 Buffer Overflow - CXSecurity.com
-
http://www.securityfocus.com/bid/48486
HP OpenView Storage Data Protector CVE-2011-1865 Op Codes Remote Buffer Oveflow Vulnerability
-
http://www.exploit-db.com/exploits/17468
HP Data Protector 6.11 - Remote Buffer Overflow (DEP Bypass) - Windows remote Exploit
-
http://securityreason.com/securityalert/8290
HP Data Protector 6.11 Remote Buffer Overflow + DEP Bypass - CXSecurity.com
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02872182
Vendor Advisory
-
http://www.coresecurity.com/content/HP-Data-Protector-multiple-vulnerabilities
Multiple vulnerabilities in HP Data Protector | Core SecurityExploit
-
http://www.exploit-db.com/exploits/17490
HP OmniInet.exe Opcode 20 - Remote Buffer Overflow (Metasploit) - Windows remote Exploit
-
http://www.exploit-db.com/exploits/17467
HP - 'OmniInet.exe' Opcode 27 Buffer Overflow (Metasploit) - Windows remote Exploit
-
http://securityreason.com/securityalert/8288
HP Data Protector 6.20 Multiple Vulnerabilities - CXSecurity.com
-
http://securitytracker.com/id?1025731
HP OpenView Storage Data Protector Stack Overflows Let Remote Users Execute Arbitrary Code - SecurityTracker
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/68281
HP OpenView Storage Data Protector buffer overflow CVE-2011-1865 Vulnerability Report
-
http://securityreason.com/securityalert/8291
HP OmniInet.exe Opcode 27 Buffer Overflow - CXSecurity.com
Products affected by CVE-2011-1865
- cpe:2.3:a:hp:openview_storage_data_protector:6.00:*:*:*:*:*:*:*
- cpe:2.3:a:hp:openview_storage_data_protector:6.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:openview_storage_data_protector:6.11:*:*:*:*:*:*:*
- cpe:2.3:a:hp:openview_storage_data_protector:6.20:*:*:*:*:*:*:*