CVE-2010-1960

HP Openview Network Node Manager - Memory Corruption

Title source: rule

Description

Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/17043

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_nnm_ovwebsnmpsrv_uro.rb

View Code ZIP pw:eip

References (7)

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-10-105/

[Patch, Vendor Advisory] http://marc.info/?l=bugtraq&m=127602909915281&w=2

[Vendor Advisory] http://secunia.com/advisories/40101

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/59249

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/511734/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/40637

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1024071

Scores

EPSS 0.6925

EPSS Percentile 98.7%

Details

CWE

CWE-119

Status published

Products (2)

hp/openview_network_node_manager 7.51 (5 CPE variants)

hp/openview_network_node_manager 7.53 (5 CPE variants)

Published Jun 10, 2010

Tracked Since Feb 18, 2026