module
HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow
| Disclosed | Created |
|---|---|
| Dec 9, 2009 | May 30, 2018 |
Disclosed
Dec 9, 2009
Created
May 30, 2018
Description
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53.
By sending a specially crafted CGI request to ovalarm.exe, an attacker can execute
arbitrary code.
This specific vulnerability is due to a call to "sprintf_new" in the "isWide"
function within "ovalarm.exe". A stack buffer overflow occurs when processing an
HTTP request that contains the following.
1. An "Accept-Language" header longer than 100 bytes
2. An "OVABverbose" URI variable set to "on", "true" or "1"
The vulnerability is related to "_WebSession::GetWebLocale()".
NOTE: This exploit has been tested successfully with a reverse_ord_tcp payload.
By sending a specially crafted CGI request to ovalarm.exe, an attacker can execute
arbitrary code.
This specific vulnerability is due to a call to "sprintf_new" in the "isWide"
function within "ovalarm.exe". A stack buffer overflow occurs when processing an
HTTP request that contains the following.
1. An "Accept-Language" header longer than 100 bytes
2. An "OVABverbose" URI variable set to "on", "true" or "1"
The vulnerability is related to "_WebSession::GetWebLocale()".
NOTE: This exploit has been tested successfully with a reverse_ord_tcp payload.
Author
jduck [email protected]
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.