SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   HPE OpenView Network Node Manager Vendors:   HPE
HP OpenView Network Node Manager Buffer Overflow in 'ov.dll' Lets Remote Users Execute Arbitary Code
SecurityTracker Alert ID:  1024224
SecurityTracker URL:  http://securitytracker.com/id/1024224
CVE Reference:   CVE-2010-2703   (Links to External Site)
Updated:  Jul 28 2010
Original Entry Date:  Jul 20 2010
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.51, 7.53
Description:   A vulnerability was reported in HP OpenView Network Node Manager. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to trigger a buffer overflow in 'ov.dll' and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Only Windows-based systems are affected.

The vendor was notified on February 2, 2010.

Sebastien Renaud of VUPEN Vulnerability Research Team reported this vulnerability. An anonymous researcher also reported this vulnerability via TippingPoint.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued a hot fix.

The vendor's advisory is available at:

http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286088

Vendor URL:  www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286088 (Links to External Site)
Cause:   Not specified
Underlying OS:  Windows (2000), Windows (2003), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC