Name | wp_hp_dataprotector_exec_cmd |
CVE | CVE-2011-0923 |
Exploit Pack | White_Phosphorus |
Description | Hewlett-Packard Data Protector Client EXEC_CMD Remote Command Execution |
Notes | References: http://www.zerodayinitiative.com/advisories/ZDI-11-055/ CVE Name: CVE-2011-0923 VENDOR: Hewlett-Packard Notes: This module exploits a remote command execution flaw in the Hewlett-Packard Data Protector Client OmniInet service (TCP/5555 by default). No paramaters or command line arguements may be passed. No PATH is available so executables must be traversed to from C:\Program Files\OmniBack\bin\. Combine ../ to directory traverse to the target binary. -O command:"../../../windows/system32/whoami.exe" is valid -O command:"../../../windows/system32/whoami.exe /ALL" is invalid Repeatability: Unlimited Date public: 2011-02-07 CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0923 CVSS: 10.0 |
Learn more about the CANVAS Exploit Pack here: White_Phosphorus |