CVE-2011-1865

HP OpenView Storage Data Protector <6.20 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 6 public exploits for CVE-2011-1865. PoCs published by Metasploit, muts & dookie, Core Security, including Metasploit module exploits/windows/misc/hp_omniinet_3.

AI-analyzed exploit summary: This Metasploit module exploits a buffer overflow in HP Data Protector's OmniInet.exe via opcode '20', achieving arbitrary code execution under SYSTEM privileges. It bypasses DEP/ASLR using ROP techniques targeting MSVCR71.dll.

Description

Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/17490

This Metasploit module exploits a buffer overflow in HP Data Protector's OmniInet.exe via opcode '20', achieving arbitrary code execution under SYSTEM privileges. It bypasses DEP/ASLR using ROP techniques targeting MSVCR71.dll.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: HP Data Protector A.06.10 Build 611 / A.06.11 Build 243
No auth needed
Prerequisites: Network access to port 5555 · Vulnerable HP Data Protector installation
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by muts & dookie · python · remote · windows
https://www.exploit-db.com/exploits/17468

This exploit targets a remote buffer overflow in HP Data Protector 6.11, leveraging a crafted packet to overwrite EIP and execute a bindshell payload on port 4444. It uses ROP techniques to bypass DEP and achieve arbitrary code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: HP Data Protector 6.11
No auth needed
Prerequisites: Network access to target on port 5555 · Vulnerable version of HP Data Protector
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/17467

This Metasploit module exploits a buffer overflow in HP OmniInet.exe via a crafted opcode 27 packet, allowing remote code execution. It includes SEH overwrites and a payload delivery mechanism.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: HP Data Protector A.06.10 Build 611 / A.06.11 Build 243
No auth needed
Prerequisites: Network access to port 5555 on the target system
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Core Security · text · dos · windows
https://www.exploit-db.com/exploits/17458

The provided Python script demonstrates multiple stack overflow vulnerabilities in HP Data Protector by sending crafted packets to port 5555. It exploits improper input validation in the 'data protector inet' service, leading to remote code execution or denial of service.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: HP Data Protector v6.00, v6.10, v6.11, v6.20
No auth needed
Prerequisites: Network access to port 5555 on the target system
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GREAT
by MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_omniinet_3.rb

This Metasploit module exploits a buffer overflow in HP OmniInet.exe via a crafted opcode 27 packet, allowing remote code execution. It includes SEH overwrites and a custom payload delivery mechanism.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: HP Data Protector A.06.10 Build 611 / A.06.11 Build 243
No auth needed
Prerequisites: Network access to port 5555 on the target system
devstral-2 · analyzed Feb 19, 2026

metasploit WORKING POC GOOD
by Oren Isacson, muts, dookie, sinn3r · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/hp_omniinet_4.rb

This Metasploit module exploits a buffer overflow vulnerability in HP Data Protector's OmniInet.exe process by sending a crafted packet with opcode '20' and a long file path, leading to arbitrary code execution under SYSTEM privileges. It includes a ROP chain to bypass DEP and ASLR on Windows systems.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: HP Data Protector A.06.10 b611 / A.06.11 b243
No auth needed
Prerequisites: Network access to the target system on port 5555 · HP Data Protector with vulnerable OmniInet.exe running
devstral-2 · analyzed Feb 19, 2026

References (14)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025731
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17467
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/48486
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8291
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17468
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8288
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68281
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17490
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/17458
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45100
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8295
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8290

Scores

EPSS 0.8895
EPSS Percentile 99.8%

Details

CWE: CWE-119
Status: published
Products (4):
hp/openview_storage_data_protector 6.00
hp/openview_storage_data_protector 6.10
hp/openview_storage_data_protector 6.11
hp/openview_storage_data_protector 6.20
Published: Jul 01, 2011
Tracked Since: Feb 18, 2026