CVE-2011-0647

EMC Replication Manager < 5.3 - Remote Code Execution via irccd.exe RunProgram Function

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-0647. PoCs published by Metasploit, Unknown, Davy Douhine, including Metasploit module exploits/windows/emc/replication_manager_exec.

AI-analyzed exploit summary This Metasploit module exploits a remote command injection vulnerability in EMC Replication Manager (CVE-2011-0647) by sending a crafted XML payload to the irccd.exe service, allowing arbitrary command execution with SYSTEM privileges.

Description

The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/41704

This Metasploit module exploits a remote command injection vulnerability in EMC Replication Manager (CVE-2011-0647) by sending a crafted XML payload to the irccd.exe service, allowing arbitrary command execution with SYSTEM privileges.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: EMC Replication Manager < 5.3
No auth needed
Prerequisites: Network access to TCP port 6542 · Target running EMC Replication Manager < 5.3
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by Unknown, Davy Douhine · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/emc/replication_manager_exec.rb

This Metasploit module exploits a remote command-injection vulnerability in EMC Replication Manager (CVE-2011-0647) by sending a crafted XML message to the irccd.exe service on port 6542, allowing arbitrary command execution with SYSTEM privileges.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: EMC Replication Manager < 5.3
No auth needed
Prerequisites: Network access to port 6542 on the target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516260
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43164
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46235
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65205
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/70853
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0304
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516282/100/0/threaded
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-061/

Scores

EPSS 0.6368
EPSS Percentile 99.1%

Details

CWE
CWE-20
Status published
Products (6)
emc/networker_module 2.1
emc/networker_module 2.2
emc/replication_manager 2.0
emc/replication_manager 5.2
emc/replication_manager 5.2.2
emc/replication_manager < 5.2.3
Published Feb 10, 2011
Tracked Since Feb 18, 2026