HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments.
A remote code execution vulnerability exists in HP Data Protector Backup Client Service due to a buffer overflow in the processing of GET_FILE messages. A remote unauthenticated attacker could exploit this vulnerability by sending malformed GET_FILE message packets to the target service.
Upgrade to Data Protector A.06.20 or newer, as indicated in HP Security Bulletin HPSBMA02668 SSRT100474.
Exploit works on HP Data Protector Backup Client Service 6.11 running on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with KB956802 (gdi32.dll version 5.2.3790.4396) and KB2393802 (ntdll.dll version 5.2.3790.4789) installed, and on Microsoft Windows Server 2008 SP2 English (DEP AlwaysOff).
Windows Server 2003
Windows Server 2008