CVE-2008-1697

Name of the Vulnerable Software and Affected Versions HP OpenView Network Node Manager versions 7.53, 7.51, and earlier

Description The issue is related to a stack-based buffer overflow in the ovwparser.dll module of HP OpenView Network Node Manager. This can be exploited by remote attackers who send a long URI in an HTTP request processed by ovas.exe, potentially allowing the execution of arbitrary code. An example of such an exploit is a certain topology/homeBaseView request.

Recommendations For HP OpenView Network Node Manager versions 7.53 and 7.51, update to a version later than 7.53 to resolve the issue. For HP OpenView Network Node Manager versions earlier than 7.51, update to a version later than 7.53 to resolve the issue. As a temporary workaround, consider restricting access to the ovas.exe module and the ovwparser.dll file to minimize the risk of exploitation.