Vulnerability Key Information

Vulnerability Overview
Name: HP Data Protector Backup Client Service EXEC_INTEGUTIL Remote Code Execution Vulnerability
ID: ZDI-11-147, ZDI-CAN-1174

Vulnerability Details
CVE ID: CVE-2011-1731
CVSS Score: 10.0 - Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Vendor: Hewlett-Packard
Affected Product: Data Protector

Vulnerability Description
Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable HP OpenView Data Protector installations. Exploitation of this vulnerability does not require authentication.
Specific Issue: The vulnerability exists in the Backup Client Service (Omnilnet.exe), which listens on TCP port 5555. The process performs insufficient boundary checks on user-supplied data in a fixed-length stack buffer. A remote, unauthenticated attacker can exploit this vulnerability by sending malformed EXEC_INTEGUTIL message packets to the target, ultimately leading to arbitrary code execution in the context of the SYSTEM user.

Access Protection
Trend Micro Customer Protection: Trend Micro TippingPoint IPS customers are protected by digital vaccine filter ID [11132]. For more product information, visit: http://www.tippingpoint.com

Additional Information
Vendor Update: Hewlett-Packard has released an update to fix this vulnerability. For more details, see: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240

Disclosure Timeline
2011-04-04: Vulnerability reported to vendor
2011-04-29: Coordinated public advisory release

Information Source
Credit: Aniway (Aniway.Anyway@gmail.com)