PT-2010-2754 · Tetradyne+1 · Tetradyne Activex+1
Published
2010-04-21
·
Updated
2024-02-14
·
CVE-2010-1033
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
HP Operations Manager versions 7.5, 8.10, 8.16
Description
The issue is related to multiple stack-based buffer overflows in a certain Tetradyne ActiveX control. This could allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method. The problem is associated with the srcvw32.dll and srcvw4.dll files.
Recommendations
For HP Operations Manager versions 7.5, 8.10, 8.16, consider disabling the LoadFile and SaveFile methods as a temporary workaround until a patch is available.
Restrict access to the srcvw32.dll and srcvw4.dll files to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hp Operations Manager
Tetradyne Activex