CVE-2011-0922

Exploitation Summary

EIP tracks 4 public exploits for CVE-2011-0922. PoCs published by Ben Turner, fdiskyou, including Metasploit module exploits/windows/misc/hp_dataprotector_install_service.

AI-analyzed exploit summary This Metasploit module exploits a remote code execution vulnerability in HP Data Protector's omniinet process by leveraging an SMB share to drop and execute a malicious payload. It targets versions 6.10, 6.11, and 6.20 on Windows systems.

Description

The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Ben Turner · rubyremotewindows

https://www.exploit-db.com/exploits/27271

View Code ZIP pw:eip

This Metasploit module exploits a remote code execution vulnerability in HP Data Protector's omniinet process by leveraging an SMB share to drop and execute a malicious payload. It targets versions 6.10, 6.11, and 6.20 on Windows systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Data Protector 6.10, 6.11, 6.20

No auth needed

Prerequisites: SMB share named 'Omniback' with subfolder 'i386' accessible to the target · Network access to the target's SMB and omniinet services

MITRE ATT&CK

T1021.002 - SMB/Windows Admin Shares T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Ben Turner · pythonremotewindows

https://www.exploit-db.com/exploits/19288

View Code ZIP pw:eip

This exploit targets CVE-2011-0922 in HP Data Protector Client (versions 6.11 & 6.20) by sending a crafted payload to execute a remote command. It leverages a share path to execute 'installservice.exe' with SYSTEM privileges.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Data Protector Client 6.11 & 6.20

No auth needed

Prerequisites: Accessible SMB share with 'installservice.exe' · Network access to target port · SYSTEM account access to the share

MITRE ATT&CK

T1189 - Drive-by Compromise T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by fdiskyou · pythonremotewindows

https://www.exploit-db.com/exploits/17345

View Code ZIP pw:eip

This PoC exploits CVE-2011-0922 in HP Data Protector by crafting a malicious packet to trigger remote code execution via the EXEC_SETUP command. It instructs the target to download and execute a payload from a specified share or HTTP location.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Data Protector Client 6.11

No auth needed

Prerequisites: Network access to target on port 5555 · Ability to host malicious payload on share/HTTP

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Ben Turner · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_dataprotector_install_service.rb

View Code ZIP pw:eip

This Metasploit module exploits a vulnerability in HP Data Protector's OmniInet service to achieve remote code execution by creating a custom payload executable. It leverages the install service function to execute arbitrary code on the target system.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Data Protector 6.10/6.11/6.20

No auth needed

Prerequisites: SMB server with a share named 'Omniback' containing an 'i386' subfolder · Network access to the target's OmniInet service on port 5555

MITRE ATT&CK