HPE Data Protector EXEC_BAR domain Buffer Overflow (CVE-2016-2006)

A buffer overflow vulnerability has been found in the Omnilnet.exe component of HPE Data Protector. This vulnerability is due to lack of boundary checks on the domain field in EXEC_BAR requests. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed requests to a HPE Data Protector service potentially leading to arbitrary code execution under the context of System.

Leave a Reply