10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.951 High
EPSS
Percentile
99.1%
Added: 04/18/2011
CVE: CVE-2011-0261
BID: 45762
OSVDB: 70469
HP OpenView Network Node Manager is network availability and performance management software.
A buffer overflow vulnerability in **jovgraph.exe**
allows remote attackers to execute arbitrary commands by sending an overly long **displayWidth**
option in the **arg**
parameter to the **jovgraph.exe**
CGI program.
Apply the appropriate patch.
<http://www.zerodayinitiative.com/advisories/ZDI-11-003/>
Exploit works on HP OpenView Network Node Manager 7.53 on Windows Server 2003 with DEP AlwaysOff.
On Windows Server 2003, read and execute privileges on the file **_%windir%_\system32\cmd.exe**
must be granted to the Internet Guest Account **IUSR__<computername>_**
for the exploit to work properly. Note that users in the **Users**
and **Power Users**
groups do not have such privileges, but users in the **Administrators**
and **TelnetClients**
groups do.
Windows