CVE-2007-2280 : Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemo

Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844.

Published 2009-12-18 19:30:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2007-2280

HP » Openview Storage Data Protector » Version: 5.50
cpe:2.3:a:hp:openview_storage_data_protector:5.50:*:*:*:*:*:*:*
Matching versions
HP » Openview Storage Data Protector » Version: 6.0
cpe:2.3:a:hp:openview_storage_data_protector:6.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-2280

EPSS FAQ

71.00%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2007-2280

HP OmniInet.exe MSG_PROTOCOL Buffer Overflow

Disclosure Date: 2009-12-17

First seen: 2020-04-26

exploit/windows/misc/hp_omniinet_1

This module exploits a stack-based buffer overflow in the Hewlett-Packard OmniInet NT Service. By sending a specially crafted MSG_PROTOCOL (0x010b) packet, a remote attacker may be able to execute arbitrary code with elevated privileges. This service is in

More information

CVSS scores for CVE-2007-2280

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2007-2280

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2007-2280

http://www.zerodayinitiative.com/advisories/ZDI-09-099/

Patch
http://www.securityfocus.com/bid/37396

HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
http://securitytracker.com/id?1023361

Patch

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/3594

CVEs referencing this url
http://marc.info/?l=bugtraq&m=126106261622540&w=2

CVEs referencing this url

Jump to