module
HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow
| Disclosed | Created |
|---|---|
| 2009-12-09 | 2018-05-30 |
Disclosed
2009-12-09
Created
2018-05-30
Description
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53.
By sending a specially crafted CGI request to ovalarm.exe, an attacker can execute
arbitrary code.
This specific vulnerability is due to a call to "sprintf_new" in the "isWide"
function within "ovalarm.exe". A stack buffer overflow occurs when processing an
HTTP request that contains the following.
1. An "Accept-Language" header longer than 100 bytes
2. An "OVABverbose" URI variable set to "on", "true" or "1"
The vulnerability is related to "_WebSession::GetWebLocale()".
NOTE: This exploit has been tested successfully with a reverse_ord_tcp payload.
By sending a specially crafted CGI request to ovalarm.exe, an attacker can execute
arbitrary code.
This specific vulnerability is due to a call to "sprintf_new" in the "isWide"
function within "ovalarm.exe". A stack buffer overflow occurs when processing an
HTTP request that contains the following.
1. An "Accept-Language" header longer than 100 bytes
2. An "OVABverbose" URI variable set to "on", "true" or "1"
The vulnerability is related to "_WebSession::GetWebLocale()".
NOTE: This exploit has been tested successfully with a reverse_ord_tcp payload.
Author
jduck jduck@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.