CVE-2011-4791

EUVD-2011-4709
DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
hpdata_protector_media_operations
𝑥
≤ 6.11
hpdata_protector_media_operations
5.0
hpdata_protector_media_operations
5.1
hpdata_protector_media_operations
5.5
hpdata_protector_media_operations
6.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/archive/1/521472
http://zerodayinitiative.com/advisories/ZDI-11-112/
http://www.securityfocus.com/archive/1/521472
http://zerodayinitiative.com/advisories/ZDI-11-112/