(0Day) Hewlett-Packard Data Protector EXEC_INTEGUTIL Remote Command Execution Vulnerability

2014-10-02T00:00:00
ID ZDI-14-344
Type zdi
Reporter Aniway.Anyway@gmail.com
Modified 2014-06-22T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within specifically crafted EXEC_INTEGUTIL messages. A remote attacker can inject arbitrary commands under the context of the SYSTEM user.