vendor:
OpenView Network Node Manager
by:
Mati Aharoni
9.3
CVSS
HIGH
SEH Overflow
119
CWE
Product Name: OpenView Network Node Manager
Affected Version From: 7.5.2001
Affected Version To: 7.5.2001
Patch Exists: Yes
Related CWE: N/A
CPE: a:hp:openview_network_node_manager:7.5.1
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 2003 Server SP1
2009
HP OpenView NNM 7.5.1 OVAS.EXE Pre Authentication SEH Overflow
HP OpenView NNM 7.5.1 OVAS.EXE is vulnerable to a pre-authentication SEH overflow. This vulnerability was found, analysed and exploited as part of a training module in 'BackTrack to the Max'. An attacker can send an overly long string to the vulnerable application and overwrite the SEH handler, allowing for arbitrary code execution.
Mitigation:
Upgrade to the latest version of HP OpenView NNM 7.5.1 OVAS.EXE