
HP Operations Manager ActiveX Remote Buffer Overflow Vulnerability

Last Update Date: 28 Jan 2011
Release Date: 21 Apr 2010

RISK: Medium Risk

A vulnerability has been identified in HP Operations Manager for Windows, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error in the "srcvw4.dll" and "srcvw32.dll" ActiveX controls when processing overly long arguments passed to the "LoadFile()" or "SaveFile()" methods, which could allow attackers to remotely execute arbitrary code by tricking a user into visiting a specially crafted web page.


Impact

  • Remote Code Execution

System / Technologies affected

  • HP Operations Manager for Windows version 8.10 (with srcvw4.dll version 4.0.1.1 and prior)
  • HP Operations Manager for Windows version 8.16 (with srcvw4.dll version 4.0.1.1 and prior)
  • HP Operations Manager for Windows version 7.5 (with srcvw32.dll version 2.23.28 and prior)

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • HP Operations Manager for Windows 8.x - Install OMW_00060 and upgrade to srcvw4.dll version 4.0.1.2
  • HP Operations Manager for Windows 7.x - Install OVOW_00279 and upgrade to srcvw32.dll version 2.23.29

    http://support.openview.hp.com/selfsolve/patches
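
To confirm whether a host still carries a vulnerable copy of either control, the installed file versions can be compared against the fixed versions listed above. The PowerShell below is an added example, not part of the original advisory or of HP's tooling; the search roots and the mapping of "2.23.29" to file version 2.23.29.0 are assumptions.

```powershell
# Added example (not HP or advisory code): report srcvw4.dll / srcvw32.dll
# copies that are older than the fixed versions listed under Solutions.
param(
    # Assumption: the advisory gives no install path, so search roots are a parameter.
    [string[]]$SearchRoot = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
)

# First fixed version per control, taken from the Solutions section.
# Assumption: "2.23.29" corresponds to file version 2.23.29.0.
$FixedVersion = @{
    'srcvw4.dll'  = [version]'4.0.1.2'
    'srcvw32.dll' = [version]'2.23.29.0'
}

# Drop empty or missing roots (e.g. no "Program Files (x86)" on 32-bit Windows).
$roots = @($SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) })
if ($roots.Count -eq 0) {
    Write-Warning 'No valid search root supplied.'
    return
}

Get-ChildItem -Path $roots -Recurse -File -Include 'srcvw4.dll', 'srcvw32.dll' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vi = $_.VersionInfo
        # Build the version from the numeric fields; the FileVersion string may be
        # formatted like "4, 0, 1, 1" and would not parse reliably.
        # A file with no version resource yields 0.0.0.0 and is reported as vulnerable.
        $found = New-Object System.Version -ArgumentList `
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        $fixed = $FixedVersion[$_.Name]   # hashtable lookup is case-insensitive

        [pscustomobject]@{
            Path         = $_.FullName
            FileVersion  = $found
            FixedVersion = $fixed
            Status       = if ($found -lt $fixed) { 'VULNERABLE' } else { 'patched' }
        }
    }
```

Any row with Status `VULNERABLE` indicates a copy that predates the fixed version and still needs the corresponding patch.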


Vulnerability Identifier


Source