CVE-2009-0920

HP Network Node Manager - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/17537

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by Oren Isacson, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_nnm_toolbar_02.rb

View Code ZIP pw:eip

References (9)

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/0819

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/34294

[Third Party Advisory] http://securityreason.com/securityalert/8308

[Exploit] http://www.coresecurity.com/content/openview-buffer-overflows

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/502054/100/0/threaded

[Vendor Advisory] http://secunia.com/advisories/34444

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/49364

[Mailing List] http://marc.info/?l=bugtraq&m=123791084113871&w=2

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1021883

Scores

EPSS 0.5877

EPSS Percentile 98.2%

Details

CWE

CWE-119

Status published

Products (3)

hp/network_node_manager 7.0.1

hp/network_node_manager 7.5.1

hp/network_node_manager 7.5.3

Published Mar 25, 2009

Tracked Since Feb 18, 2026