module
HP OmniInet.exe Opcode 20 Buffer Overflow
| Disclosed | Created |
|---|---|
| 2011-06-29 | 2018-05-30 |
Disclosed
2011-06-29
Created
2018-05-30
Description
This module exploits a vulnerability found in HP Data Protector's OmniInet
process. By supplying a long string of data as the file path with opcode '20',
a buffer overflow can occur when this data is being written on the stack where
no proper bounds checking is done beforehand, which results arbitrary code
execution under the context of SYSTEM. This module is also made against systems
such as Windows Server 2003 or Windows Server 2008 that have DEP and/or ASLR
enabled by default.
process. By supplying a long string of data as the file path with opcode '20',
a buffer overflow can occur when this data is being written on the stack where
no proper bounds checking is done beforehand, which results arbitrary code
execution under the context of SYSTEM. This module is also made against systems
such as Windows Server 2003 or Windows Server 2008 that have DEP and/or ASLR
enabled by default.
Authors
Oren Isacson
muts
dookie
sinn3r sinn3r@metasploit.com
corelanc0d3r peter.ve@corelan.be
muts
dookie
sinn3r sinn3r@metasploit.com
corelanc0d3r peter.ve@corelan.be
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.