CVE-2008-1661

HP StorageWorks SWSM <4.5 SP2 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-1661. PoCs published by Metasploit, ri0t, including Metasploit module exploits/windows/misc/doubletake.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in the authentication mechanism of DoubleTake/HP StorageWorks Storage Mirroring Service. It uses a SEH-based payload to achieve remote code execution on vulnerable versions.

Description

Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Storage Mirroring (SWSM) before 4.5 SP2 allows remote attackers to execute arbitrary code via a crafted encoded authentication request.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16450

This exploit targets a stack buffer overflow in the authentication mechanism of DoubleTake/HP StorageWorks Storage Mirroring Service. It uses a SEH-based payload to achieve remote code execution on vulnerable versions.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: DoubleTake/HP StorageWorks Storage Mirroring Service (versions 4.5.0, 4.4.2, 4.5.0.1819)
No auth needed
Prerequisites: Network access to the target service on port 1100
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ri0t · rubyremotewindows
https://www.exploit-db.com/exploits/5738

This exploit targets a stack overflow vulnerability in NSI Doubletake (also rebranded as HP StorageWorks) during authentication. It uses a SEH overwrite technique with a custom XOR-encoded payload to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: NSI Doubletake (4.5.0, 4.4.2, 4.5.0.1819) / HP StorageWorks
No auth needed
Prerequisites: Network access to target on port 1100
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/doubletake.rb

This Metasploit module exploits a stack buffer overflow in the authentication mechanism of NSI DoubleTake/HP StorageWorks Storage Mirroring Service. It sends a crafted packet with an XOR-encoded payload to trigger the vulnerability and achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: NSI DoubleTake/HP StorageWorks Storage Mirroring Service (versions 4.5.0, 4.4.2, 4.5.0.1819)
No auth needed
Prerequisites: Network access to the target service on port 1100
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020157
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1723
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=121250518326713&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42810
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-08-034/
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30502

Scores

EPSS 0.6896
EPSS Percentile 99.3%

Details

CWE
CWE-119
Status published
Products (1)
hp/storageworks_storage_mirroring 4.5 sp1
Published Jun 04, 2008
Tracked Since Feb 18, 2026