Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size parameter.
http://www.vupen.com/english/advisories/2009/3594
http://www.securityfocus.com/bid/37386
http://securitytracker.com/id?1023361