CVE-2009-0714

HP Data Protector Express <4.6.5-3.4.7 - DoS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-0714. PoCs published by Nibin.

AI-analyzed exploit summary This exploit targets a memory leak and DoS vulnerability in HP Data Protector 4.00-SP1 Build 43064 by sending crafted packets to port 3817. It can leak memory contents or crash the service by manipulating a user-controlled offset.

Description

Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Nibin · rubydoswindows
https://www.exploit-db.com/exploits/9007

This exploit targets a memory leak and DoS vulnerability in HP Data Protector 4.00-SP1 Build 43064 by sending crafted packets to port 3817. It can leak memory contents or crash the service by manipulating a user-controlled offset.

Classification
Working Poc 95%
Attack Type
Dos | Info Leak
Complexity
Moderate
Reliability
Reliable
Target: HP Data Protector 4.00-SP1 Build 43064
No auth needed
Prerequisites: Network access to TCP port 3817
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Nibin · pythondoswindows
https://www.exploit-db.com/exploits/9006

This exploit targets a memory disclosure and denial-of-service vulnerability in HP Data Protector 4.00-sp1. It leverages a user-controlled offset to read arbitrary memory or crash the service by sending malformed packets to port 3817.

Classification
Working Poc 95%
Attack Type
Dos | Info Leak
Complexity
Moderate
Reliability
Reliable
Target: HP Data Protector 4.00-sp1 (dpwinsup module)
No auth needed
Prerequisites: Network access to TCP port 3817 · Vulnerable HP Data Protector installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022220
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/9007
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35084
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34955
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1309
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/9006

Scores

EPSS 0.5161
EPSS Percentile 98.8%

Details

Status published
Products (2)
hp/data_protector_express 3.5 sp1 (3 CPE variants)
hp/data_protector_express 4.0 sp1 (2 CPE variants)
Published May 14, 2009
Tracked Since Feb 18, 2026