CVE-2008-0067

HP Openview Network Node Manager - Memory Corruption

Title source: rule

Description

Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotecgi

https://www.exploit-db.com/exploits/16795

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_nnm_toolbar_01.rb

View Code ZIP pw:eip

References (8)

[Mailing List] http://marc.info/?l=bugtraq&m=123247393715913&w=2

[Vendor Advisory] http://secunia.com/advisories/28074

[Vendor Advisory] http://secunia.com/secunia_research/2008-13/

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1021521

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/499826/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/33147

[Third Party Advisory] http://securityreason.com/securityalert/4885

[Third Party Advisory] http://securityreason.com/securityalert/8307

Scores

EPSS 0.8195

EPSS Percentile 99.2%

Details

CWE

CWE-119

Status published

Products (1)

hp/openview_network_node_manager 7.51

Published Jan 08, 2009

Tracked Since Feb 18, 2026