HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code.
4b95345dd39e85718053b8c02acbf3b6063a33c0f0367ad4bf7808042a164723
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.exe application which is launched when a request is received for the jovgraph.exe CGI application. This process copies the contents of the 'sel' POST variable a user-controllable amount of times into a static stack buffer. By repeating a specific string as the contents of the 'arg' POST variable this buffer can be overflowed leading to arbitrary code execution.
28ad9e9af0c800bc5f8a1ddce5cb1893870ca2cd7788f4e97910230fc8ae3a63