CVE-2009-3977

19.11.2009, 00:30

Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Manager (OV NNM) 7.53 might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via a long string argument to the (1) DisplayName, (2) AddGroup, (3) InstallComponent, or (4) Subscribe method.  NOTE: this issue is not a vulnerability in many environments, because the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:N/I:N/A:P
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 82%

Vendor	Product	Version
hp	openview_network_node_manager	7.53

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://seclists.org/fulldisclosure/2009/Nov/199

http://www.coresecurity.com/content/openview_nnm_internaldb_dos

https://exchange.xforce.ibmcloud.com/vulnerabilities/54377

http://seclists.org/fulldisclosure/2009/Nov/199

http://www.coresecurity.com/content/openview_nnm_internaldb_dos

https://exchange.xforce.ibmcloud.com/vulnerabilities/54377