Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| http://secunia.com/secunia_research/2008-13/ | vendor advisory |
| http://marc.info/?l=bugtraq&m=123247393715913&w=2 | vendor advisory |
| http://securitytracker.com/id?1021521 | vdb entry |
| http://www.securityfocus.com/bid/33147 | vdb entry |
| http://securityreason.com/securityalert/4885 | third party advisory |
| http://www.securityfocus.com/archive/1/499826/100/0/threaded | mailing list |
| http://securityreason.com/securityalert/8307 | third party advisory |
| http://secunia.com/advisories/28074 | third party advisory vendor advisory |