Buffer Overflow in HP OpenView Network Node Manager's ov.dll Module
CVE-2010-2703

Currently unrated

Key Information:

Vendor: HP
Status: Openview Network Node Manager
Vendor: CVE Published:; 28 July 2010

Summary

A stack-based buffer overflow vulnerability exists in the execvp_nc function of the ov.dll module in HP OpenView Network Node Manager versions 7.51 and 7.53. This flaw can be exploited by remote attackers who send specially crafted long HTTP requests to webappmon.exe, potentially allowing them to execute arbitrary code on the affected system. This vulnerability highlights the importance of validating input to avoid such security risks in network management applications.

References

http://www.vupen.com/english/advisories/2010/1866

vdb-entryx_refsource_VUPEN

http://www.exploit-db.com/exploits/14916

exploitx_refsource_EXPLOIT-DB

http://osvdb.org/66514

vdb-entryx_refsource_OSVDB

EPSS Score

82% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 28, 2010
Vulnerability Reserved
Jul 12, 2010