HP OpenView Network Node Manager getcvdata.exe parameter string buffer overflow
Added: 01/14/2009CVE: CVE-2008-0067
BID: 33147
Background
HP OpenView Network Node Manager is network availability and performance management software.Problem
A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending an HTTP request for the getcvdata.exe CGI program with a long, specially crafted parameter string.Resolution
Restrict access to the getcvdata.exe CGI program. Apply a fix when available.References
http://secunia.com/secunia_research/2008-13/Limitations
Exploit works on HP OpenView Network Node Manager 7.53.Platforms
Windows 2000Back to exploit index