Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2280

CWE-119 — Buffer Overflow4 documents4 sources

Severity

10.0CRITICAL

EPSS

71.0%

top 1.30%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Openview Storage Data Protector

Timeline

PublishedDec 18

Latest updateMay 1

Description

Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDhp/openview_storage_data_protector5.50, 6.0+1

Patches

Patch: securitytracker.com ↗Patch: www.zerodayinitiative.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-98xx-c784-66x3: Stack-based buffer overflow in OmniInet↗2022-05-01

▶

CVEList

CVE-2007-2280: Stack-based buffer overflow in OmniInet↗2009-12-18

▶

💥Exploits & PoCs

Exploit-DB

HP - 'OmniInet.exe' MSG_PROTOCOL Buffer Overflow (Metasploit) (2)↗2010-09-20

▶