CVE-2011-0267

HP OpenView Network Node Manager 7.51, 7.53 - Remote Code Execution via Long schdParams or nameParams

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-0267. PoCs published by Metasploit, sinn3r, including Metasploit module exploits/windows/http/hp_nnm_nnmrptconfig_schdparams.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in HP OpenView NNM's nnmRptConfig.exe via a malformed POST request to the OvCgi endpoint. The exploit leverages SEH overwrites and a JMP ECX instruction to achieve arbitrary code execution.

Description

Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/17038

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in HP OpenView NNM's nnmRptConfig.exe via a malformed POST request to the OvCgi endpoint. The exploit leverages SEH overwrites and a JMP ECX instruction to achieve arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP OpenView Network Node Manager (NNM) 7.53

No auth needed

Prerequisites: Network access to the target's HTTP service (port 80) · Target running vulnerable HP OpenView NNM version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_nnm_nnmrptconfig_schdparams.rb