HP Operations Manager ActiveX Remote Buffer Overflow Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 21 Apr 2010 4448 Views

RISK: Medium Risk

Medium Risk

A vulnerability has been identified in HP Operations Manager for Windows, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error in the "srcvw4.dll" and "srcvw32.dll" ActiveX controls when processing overly long arguments passed to the "LoadFile()" or "SaveFile()" methods, which could allow attackers to remotely execute arbitrary code by tricking a user into visiting a specially crafted web page.

Impact

  • Remote Code Execution

System / Technologies affected

  • HP Operations Manager for Windows version 8.10 (with srcvw4.dll version 4.0.1.1 and prior)
  • HP Operations Manager for Windows version 8.16 (with srcvw4.dll version 4.0.1.1 and prior)
  • HP Operations Manager for Windows version 7.5 (with srcvw32.dll version 2.23.28 and prior)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • HP Operations Manager for Windows 8.x - Install OMW_00060 and upgrade to srcvw4.dll version 4.0.1.2
  • HP Operations Manager for Windows 7.x - Install OVOW_00279 and upgrade to srcvw32.dll version 2.23.29 HP

    http://support.openview.hp.com/selfsolve/patches

Vulnerability Identifier

Source

Share with

Previous

Apple Mac OS X ATS Font Processing Invalid Index Vulnerability

16 Apr 2010 4432 Views

Next

MIT Kerberos KDC "process_tgs_req()" Double Free Vulnerability

22 Apr 2010 4450 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY