HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments.
A vulnerability in the Backup Client Service (OmniInet.exe) allows remote, unauthenticated attackers to write files to arbitrary locations by sending an opcode 42 request containing a directory traversal attack. This can be leveraged to execute arbitrary commands with SYSTEM privileges.
Apply the patch referenced in HPSBMU02895 SSRT101253.
Exploit works on HP Data Protector 6.20 on Windows Server 2003 SP2 and Windows XP SP3.