HP Operations Manager ActiveX Remote Buffer Overflow Vulnerability
RISK: Medium Risk
A vulnerability has been identified in HP Operations Manager for Windows, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error in the "srcvw4.dll" and "srcvw32.dll" ActiveX controls when processing overly long arguments passed to the "LoadFile()" or "SaveFile()" methods, which could allow attackers to remotely execute arbitrary code by tricking a user into visiting a specially crafted web page.
Impact
- Remote Code Execution
System / Technologies affected
- HP Operations Manager for Windows version 8.10 (with srcvw4.dll version 4.0.1.1 and prior)
- HP Operations Manager for Windows version 8.16 (with srcvw4.dll version 4.0.1.1 and prior)
- HP Operations Manager for Windows version 7.5 (with srcvw32.dll version 2.23.28 and prior)
Solutions
Before installing the software, visit the software manufacturer's website for more details.
- HP Operations Manager for Windows 8.x - Install OMW_00060 and upgrade to srcvw4.dll version 4.0.1.2
- HP Operations Manager for Windows 7.x - Install OVOW_00279 and upgrade to srcvw32.dll version 2.23.29
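To confirm whether a host still carries an affected control, the following PowerShell script (an added example, not part of the original advisory or HP's tooling) searches for srcvw4.dll and srcvw32.dll and compares each file version with the fixed versions listed above. The search root and the function name Test-ControlVersion are assumptions; point the search at the actual HP Operations Manager installation directory.

```powershell
# Added example: flag srcvw4.dll / srcvw32.dll copies older than the fixed
# versions named in this advisory. $SearchRoot is an assumption; set it to the
# HP Operations Manager install directory on the host being checked.
param(
    [string]$SearchRoot = 'C:\Program Files'
)

# First fixed version per control, from the Solutions section
# (2.23.29 is padded with .0 so it compares cleanly with 4-part file versions).
$FixedVersions = @{
    'srcvw4.dll'  = [version]'4.0.1.2'
    'srcvw32.dll' = [version]'2.23.29.0'
}

function Test-ControlVersion {
    param([string]$Name, [version]$FileVersion)
    $fixed = $FixedVersions[$Name.ToLowerInvariant()]
    if ($null -eq $fixed)        { return 'NotCovered' }
    if ($FileVersion -lt $fixed) { return 'Vulnerable' }
    return 'Patched'
}

$found = Get-ChildItem -Path $SearchRoot -Recurse -File `
    -Include 'srcvw4.dll', 'srcvw32.dll' -ErrorAction SilentlyContinue

$report = foreach ($file in $found) {
    $vi = $file.VersionInfo
    if (-not $vi.FileVersion) {
        # No version resource: report it for manual review instead of guessing.
        $ver = $null; $status = 'NoVersionInfo'
    } else {
        # Use the numeric parts; the FileVersion string itself may be
        # formatted inconsistently (for example "4, 0, 1, 1").
        $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                              $vi.FileBuildPart, $vi.FilePrivatePart)
        $status = Test-ControlVersion -Name $file.Name -FileVersion $ver
    }
    [pscustomobject]@{ Path = $file.FullName; Version = $ver; Status = $status }
}

if (-not $report) {
    Write-Output "No srcvw4.dll or srcvw32.dll found under $SearchRoot"
} else {
    $report | Sort-Object Status, Path | Format-Table -AutoSize
}
```

Any row reported as Vulnerable means the corresponding patch (OMW_00060 for 8.x, OVOW_00279 for 7.x) has not been applied to that copy of the control.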
Vulnerability Identifier
Source