CVE-2007-2281

Name of the Vulnerable Software and Affected Versions HP OpenView Storage Data Protector versions 5.50 through 6.0

Description The issue is related to an integer overflow in the ncp32. NtrpTCPReceiveMsg function, which can be exploited by remote attackers to execute arbitrary code. This is achieved by providing a large value in the size parameter.

Recommendations For HP OpenView Storage Data Protector versions 5.50 through 6.0, consider restricting access to the Cell Manager Database Service in the Application Recovery Manager component until a fix is available. As a temporary workaround, avoid using large values in the size parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.