HP Data Protector OmniInet.exe MSG_PROTOCOL Command RCE

Critical Nessus Plugin ID 43635


The backup service running on the remote host is affected by a remote code execution vulnerability.


According to its version and build number, the HP Data Protector application running on the remote host is affected by a stack-based buffer overflow condition in the backup client service daemon (OmniInet.exe). An unauthenticated, remote attacker can exploit this, via an MSG_PROTOCOL command with long arguments, to corrupt memory, resulting in the execution of arbitrary code.


Apply the relevant patches referenced in the HP advisory.

See Also





Plugin Details

Severity: Critical

ID: 43635

File Name: hp_data_protector_msg_protocol_bof.nasl

Version: $Revision: 1.15 $

Type: combined

Published: 2010/01/05

Modified: 2016/08/22

Dependencies: 19601, 11936, 55550, 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:storage_data_protector, cpe:/a:hp:data_protector

Required KB Items: Services/data_protector/version, Services/data_protector/build

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/12/16

Vulnerability Publication Date: 2009/12/16

Exploitable With

Core Impact

Metasploit (HP OmniInet.exe MSG_PROTOCOL Buffer Overflow)

Reference Information

CVE: CVE-2007-2280

BID: 37396

OSVDB: 61206

TRA: TRA-2009-04

Secunia: 37845

ZDI: ZDI-09-099

HP: emr_na-c01124817, HPSBMA02252, SSRT061258

CWE: 119