CVE-2011-0514
published 2011-01-20

Priority: P3 · 42
Severity: medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 48.87% (98.7th percentile)
The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530.

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | data_protector_manager | | |

Detection & IOCs (extracted from sources)

port: TCP/1530
process: rds.exe
path: Program Files\OmniBack\rds.exe
bytes: \x23\x8c\x29\xb6\x64\x00\x00\x00\x41\x41\x41\x41
  • Alert on TCP connections to port 1530 carrying a packet whose 4-byte size field (bytes 5–8) is set to 0x64000000 (1,677,721,600), indicating an oversized malloc request targeting rds.exe.
  • The exploit packet always begins with the fixed 4-byte header \x23\x8c\x29\xb6; use this as a network signature anchor on TCP/1530 traffic to HP Data Protector RDS.
  • Monitor rds.exe for abnormal termination or crash events; the crash is triggered when _rm32.dll's malloc() returns 0 due to an impossibly large allocation request passed from _ncp32.dll.
  • Look for the error string 'rm_getMem: out of memory, allocating %u bytes. Called from %s' in process memory or crash dumps of rds.exe as evidence of an exploitation attempt.
  • The exploit targets HP Data Protector Manager version 6.11 specifically; the RDS service listens on TCP/1530 by default and must be network-accessible for exploitation.
  • Exploit was tested on Windows XP SP2 and SP3 only; behaviour on other OS versions is unconfirmed.
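
The first two detection notes above can be combined into one payload check. The sketch below is an added example, not code from the vendor or from the sources this page draws on. It generalizes the exact-match on 0x64000000 to any declared size above a threshold; that threshold (`MAX_PLAUSIBLE_SIZE`), the function names and the sample records are assumptions made for illustration.

```python
import struct

# Values taken from the Detection & IOCs entries above.
RDS_PORT = 1530
MAGIC = b"\x23\x8c\x29\xb6"      # fixed 4-byte header
PAGE_SIZE_VALUE = 0x64000000     # size field in the listed byte sample

# Assumption (not from the page): a declared size above this is treated as
# implausible for one RDS request. Tune against baseline traffic.
MAX_PLAUSIBLE_SIZE = 16 * 1024 * 1024


def inspect_payload(dst_port, payload):
    """Classify the first TCP payload of a connection.

    Returns None (not relevant), "short", "header_only" or "oversized".
    """
    if dst_port != RDS_PORT or not payload.startswith(MAGIC):
        return None
    if len(payload) < 8:
        return "short"  # header seen, size field not yet in this segment
    # Bytes 5-8 read big-endian, matching the 0x64000000 reading above.
    (declared,) = struct.unpack(">I", payload[4:8])
    return "oversized" if declared > MAX_PLAUSIBLE_SIZE else "header_only"


def scan(records):
    """records: iterable of (src_ip, dst_port, payload); returns alert dicts."""
    alerts = []
    for src, port, payload in records:
        if inspect_payload(port, payload) == "oversized":
            size = struct.unpack(">I", payload[4:8])[0]
            alerts.append({"src": src, "port": port, "declared_size": size,
                           "matches_page_sample": size == PAGE_SIZE_VALUE})
    return alerts


# Constructed sample records (documentation-range IPs). The first payload is
# the byte sequence listed above; the others are made up for contrast.
SAMPLE = [
    ("192.0.2.10", 1530, b"\x23\x8c\x29\xb6\x64\x00\x00\x00\x41\x41\x41\x41"),
    ("192.0.2.11", 1530, b"\x23\x8c\x29\xb6\x00\x00\x00\x10" + b"\x00" * 16),
    ("192.0.2.12", 1530, b"\x23\x8c\x29\xb6\x64"),
    ("192.0.2.13", 8080, b"\x23\x8c\x29\xb6\x64\x00\x00\x00"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

A "short" result means the size field may arrive in a later segment, so a production sensor should reassemble the stream before deciding.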