HP Data Protector Client EXEC_SETUP Remote Code Execution Exploit

This module exploits a design flaw in HP Data Protector by sending a specially crafted EXEC_SETUP request. The specific flaw exists within the implementation of the EXEC_SETUP command. This command instructs a Data Protector client to download and execute a setup file. A malicious attacker can instruct the client to access a file off of a share thus executing arbitrary code under the context of the current user.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2011-0922
Product Version: 
11.0
Released Date: 
Wednesday, July 6, 2011 - 00:00