CVE-2010-1033

HP Operations Manager <8.16 - RCE

Title source: llm

Description

Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll.

Exploits (1)

exploitdb WORKING POC VERIFIED

by mr_me · htmldoswindows

https://www.exploit-db.com/exploits/12302

View Code ZIP pw:eip

References (9)

[Vendor Advisory] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02078800

[URL Repurposed] http://net-ninja.net/blog/media/blogs/b/exploits/hpoperationsmngr.html.txt

[Vendor Advisory] http://secunia.com/advisories/39538

[Various Sources] http://www.corelan.be:8800/advisories.php?id=CORELAN-10-027

[Various Sources] http://www.corelan.be:8800/wp-content/forum-file-uploads/mr_me/hpoperationsmngr.html.txt

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/0946

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/57938

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/39578

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1023894

Scores

EPSS 0.2259

EPSS Percentile 95.9%

Details

CWE

CWE-119

Status published

Products (3)

hp/operations_manager 7.5

hp/operations_manager 8.10

hp/operations_manager 8.16

Published Apr 21, 2010

Tracked Since Feb 18, 2026