HP Data Protector Express Crafted Traffic Remote Memory Disclosure

Medium Nessus Plugin ID 38792


The remote Windows host contains an application that is affected by a local privilege escalation vulnerability.


HP Data Protector Express is installed on the remote host. The installed version of the software is affected by an unspecified local privilege escalation vulnerability. A local attacker could exploit this vulnerability to trigger a denial of service condition or execute arbitrary code with system level privileges. According to reports, this flaw could also be triggered remotely by exploiting a memory leak vulnerability, see references for more information.


Upgrade to HP Data Protector Express Single Server Edition version 3.5 SP2 build 47065 / 4.0 SP1 build 46537 or later.

See Also




Plugin Details

Severity: Medium

ID: 38792

File Name: hp_data_protector_exp_priv_escalation.nasl

Version: $Revision: 1.13 $

Type: local

Agent: windows

Family: Windows

Published: 2009/05/15

Modified: 2013/05/16

Dependencies: 58398

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:storage_data_protector

Required KB Items: SMB/HP Data Protector Express/Path, SMB/HP Data Protector Express/Version, SMB/HP Data Protector Express/Build

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/05/13

Reference Information

CVE: CVE-2009-0714

BID: 34955

OSVDB: 54509

EDB-ID: 9006, 9007

Secunia: 35084