CVE-2007-2281

HP OpenView Storage Data Protector 5.50/6.0 - Remote Code Execution via Large Size Parameter

Title source: llm
STIX 2.1

Description

Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size parameter.

References (5)

Core 5
Core References
Vendor Advisory x_refsource_misc
http://dvlabs.tippingpoint.com/advisory/TPTI-09-15
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=126106261622540&w=2
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023361
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3594
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37386

Scores

EPSS 0.0640
EPSS Percentile 91.1%

Details

CWE
CWE-189
Status published
Products (2)
hp/openview_storage_data_protector 5.50
hp/openview_storage_data_protector 6.0
Published Dec 18, 2009
Tracked Since Feb 18, 2026