A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dpwintdb.exe process which listens by default on TCP port 3817. When parsing data within a DtbClsAddObject request, the process copies data from the network into a fixed-length buffer on the stack via an unchecked loop. This can be leveraged by attackers to execute arbitrary code under the context of the SYSTEM user.
556adc16dad6ca3f4873f33810b698ebf5dfd71151e2fd435143e01f45c5066c
HP Security Bulletin HPSBMU02746 SSRT100781 - Potential security vulnerabilities have been identified with HP Data Protector Express (DPX) 5.0 and 6.0. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code. Revision 1 of this advisory.
83a0d55e3394aa78f27458d386be674804605818ba2a00eb0f3834f45aea89b9