CVE-2007-2280

HP OpenView Storage Data Protector 5.50 and 6.0 - Remote Code Execution via MSG_PROTOCOL Command

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-2280. PoCs published by Metasploit, including Metasploit module exploits/windows/misc/hp_omniinet_1.

AI-analyzed exploit summary: This Metasploit module exploits a stack-based buffer overflow in HP OmniInet.exe via a crafted MSG_PROTOCOL packet, allowing remote code execution with elevated privileges. It includes automatic target detection and SEH-based exploitation.

Description

Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16455

This Metasploit module exploits a stack-based buffer overflow in HP OmniInet.exe via a crafted MSG_PROTOCOL packet, allowing remote code execution with elevated privileges. It includes automatic target detection and SEH-based exploitation.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: HP OmniInet.exe (versions in HP OpenView Data Protector 5.50-6.10 and HP Application Recovery Manager 6.0-6.1)
No auth needed
Prerequisites: Network access to TCP port 5555 · Vulnerable version of HP OmniInet.exe
devstral-2 · analyzed Feb 16, 2026
metasploit WORKING POC GREAT
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_omniinet_1.rb

This Metasploit module exploits a stack-based buffer overflow in HP OmniInet.exe via a crafted MSG_PROTOCOL packet, allowing remote code execution with elevated privileges. It includes multiple targets for different versions of HP OpenView Data Protector and Application Recovery Manager.

Classification: Working PoC (100%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: HP OmniInet.exe (HP OpenView Data Protector, HP Application Recovery Manager)
No auth needed
Prerequisites: Network access to the target service on port 5555
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37396
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=126106261622540&w=2
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023361
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3594

Scores

EPSS: 0.7100
EPSS Percentile: 98.7%

Details

CWE: CWE-119
Status: published
Products (2):
hp/openview_storage_data_protector 5.50
hp/openview_storage_data_protector 6.0
Published: Dec 18, 2009
Tracked Since: Feb 18, 2026