cbcvebase.
CVE-2009-0714
published 2009-05-14

CVE-2009-0714: Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build…

PriorityP345high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
51.61%
98.8th percentile
Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets.

Affected

2 ranges
VendorProductVersion rangeFixed in
hpdata_protector_express
hpdata_protector_express

Detection & IOCsextracted from sources · hover to see the quote

port3817/TCP
filenamedpwinsup.dll
filenamedpwingad.exe
processdpwingad.exe
  • Monitor for TCP connections to port 3817 targeting the dpwingad process; crafted packets with the 16-byte header \x54\x84\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x92\x00\x00\x00 followed by a large payload are indicative of exploitation attempts.
  • The vulnerability is triggered via user-controlled data in ECX at offset ESP+54 within dpwinsup.dll, leading to an out-of-bounds memory read or crash; look for unexpected crashes or memory disclosure responses from dpwingad.exe on port 3817.
  • Payload includes 130 bytes of padding ('A'*130) appended after the 16-byte magic header; network signatures should match this pattern on TCP/3817 connections to dpwingad.
  • ·The exploit targets HP Data Protector Express/Express SSE 3.x before build 47065 and 4.x before build 46537 (Windows only); the PoC was specifically tested against build 43064.
  • ·The Metasploit module defaults to starting memory leak at PEB address 0x7ffdf000; if the supplied MEMORY address resolves to zero, it falls back to this default.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.