This Metasploit module exploits a stack overflow in HP OpenView Network Node Manager 7.50. By sending a specially crafted CGI request to OvWebHelp.exe, an attacker may be able to execute arbitrary code.
55d170104143bc443ef2724ff037c2b870160add006e6725a9d78d69fe2baffbHP OpenView NNM version 7.53 OvWebHelp.exe CGI topic buffer overflow exploit.
f7d69c1eaf731b9a24dc386d5b77e52ba2265e243f8fab21d0c5b8da3209d41fHP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.
4b95345dd39e85718053b8c02acbf3b6063a33c0f0367ad4bf7808042a164723A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OvWebHelp.exe CGI application. During a string concatenation the process takes the value of the Topic POST variable and copies it without any length checks into a static 0x400 byte heap buffer. By providing a large enough string this buffer can be overrun leading to arbitrary code execution.
bc3a170b7c023d93cce2e71f5f18aae14f58b419c61aa33eea31e2d81a8e8cdf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed