CVE-2009-3977

Name of the Vulnerable Software and Affected Versions HP OpenView Network Node Manager (OV NNM) version 7.53

Description The issue is related to multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx. This could allow remote attackers to cause a denial of service or have other unspecified impacts via a long string argument to certain methods, including the DisplayName, AddGroup, InstallComponent, or Subscribe method. However, this issue may not be a vulnerability in many environments because the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.

Recommendations For HP OpenView Network Node Manager (OV NNM) version 7.53, consider restricting access to the ActiveX control in ActiveDom.ocx to minimize the risk of exploitation. As a temporary workaround, consider disabling the DisplayName, AddGroup, InstallComponent, and Subscribe methods until a patch is available.