HP Data Protector OmniInet.exe MSG_PROTOCOL Command RCE
Critical Nessus Plugin ID 43635
The backup service running on the remote host is affected by a remote code execution vulnerability.
According to its version and build number, the HP Data Protector application running on the remote host is affected by a stack-based buffer overflow condition in the backup client service daemon (OmniInet.exe). An unauthenticated, remote attacker can exploit this, via an MSG_PROTOCOL command with long arguments, to corrupt memory, resulting in the execution of arbitrary code.
Apply the relevant patches referenced in the HP advisory.