CVE-2009-3844

HP OpenView Data Protector 5.50/6.0 - Remote Code Execution via MSG_PROTOCOL Packet

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-3844. PoCs published by Metasploit, EgiX, including Metasploit module exploits/windows/misc/hp_omniinet_2.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in HP OmniInet.exe via a crafted MSG_PROTOCOL packet, allowing arbitrary code execution with elevated privileges. It includes automatic target detection and supports multiple versions of HP OpenView Data Protector and Application Recovery Manager.

Description

Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16435

This Metasploit module exploits a stack-based buffer overflow in HP OmniInet.exe via a crafted MSG_PROTOCOL packet, allowing arbitrary code execution with elevated privileges. It includes automatic target detection and supports multiple versions of HP OpenView Data Protector and Application Recovery Manager.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP OmniInet.exe (HP OpenView Data Protector, HP Application Recovery Manager)
No auth needed
Prerequisites: Network access to the target service on port 5555
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by EgiX · rubyremotewindows
https://www.exploit-db.com/exploits/10715

This exploit targets a stack-based buffer overflow in HP Application Recovery Manager's OmniInet.exe via a crafted MSG_PROTOCOL packet. It leverages SEH overwrites and a jump-back technique to execute arbitrary shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP Application Recovery Manager (OmniInet.exe)
No auth needed
Prerequisites: Network access to port 5555 · Vulnerable version of HP Application Recovery Manager
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_omniinet_2.rb

This Metasploit module exploits a stack-based buffer overflow in HP OmniInet.exe via a crafted MSG_PROTOCOL packet, allowing remote code execution with elevated privileges. It includes multiple targets for different versions of HP OpenView Data Protector and Application Recovery Manager.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HP OmniInet.exe (versions 5.50, 6.0, 6.1)
No auth needed
Prerequisites: Network access to port 5555 · Vulnerable version of HP OmniInet.exe
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023288
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54638
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=126029001704529&w=2
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3454
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508329/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/37250
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37600

Scores

EPSS 0.7406
EPSS Percentile 99.4%

Details

CWE
CWE-119
Status published
Products (2)
hp/openview_data_protector_application_recovery_manager 5.50
hp/openview_data_protector_application_recovery_manager 6.0
Published Dec 08, 2009
Tracked Since Feb 18, 2026