CVE-2008-0067

Name of the Vulnerable Software and Affected Versions HP OpenView Network Node Manager versions 7.01, 7.51, 7.53

Description The issue is related to multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved through long string parameters to various CGI programs, including OpenView5.exe, getcvdata.exe, ovlaunch.exe, and Toolbar.exe. Specifically, the OpenView5.exe program is vulnerable to long string parameters, one of which is related to ov.dll.

Recommendations For HP OpenView Network Node Manager version 7.01, update to a version that includes the fix for this issue. For HP OpenView Network Node Manager version 7.51, update to a version that includes the fix for this issue. For HP OpenView Network Node Manager version 7.53, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the CGI programs OpenView5.exe, getcvdata.exe, ovlaunch.exe, and Toolbar.exe to minimize the risk of exploitation.