Some vulnerabilities have been reported in HP OpenView products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused due to boundary errors in the Shared Trace Service component within ovtrcsvc.exe and OVTrace.exe when handling certain requests. These can be exploited to cause stack-based buffer overflows via sending specially crafted requests (opcode handler 0x1a or 0x0f) to the service.

The vulnerabilities affect the following products and versions:
* HP OpenView Internet Service (OVIS) v6.00, v6.10, v6.11 (Japanese), v6.20 running HP OpenView Cross Platform Component (XPL) vB.60.81.00, vB.60.90.00, and vB.61.90.000
* HP OpenView Performance Manager (OVPM) 5.x and 6.x
* HP OpenView Performance Agent (OVPA) 4.5 and 4.6
* HP OpenView Reporter 3.7
* HP OpenView Operations (OVO) Agents OVO8.x HTTPS agents
* HP OpenView Operations Manager for Windows (OVOW) v7.5 with the OpenView Operations (OVO) add on module for OpenView Operations-Business Availability Center (OVO-BAC)
* HP OpenView Quality Manager (OV SQM) v1.2 SP1, v1.3, v1.40 running HP OpenView Cross Platform Component (XPL) 2.60.041, 2.61.060 and 2.61.110
* HP OpenView Network Node Manager (OV NNM) v6.41, v7.01, v7.50, v7.51 running XPL earlier than 03.10.040
* HP OpenView Business Process Insight (OVBPI), HP Business Process Insight (HPBPI) , HP OpenView Service Desk Process Insight (SDPI), and HP Service Desk Process Insight (HPSDPI) versions 1.0, 1.1x, 2.0x and 2.10x
* HP OpenView Dashboard v2.01 running HP OpenView Cross Platform Component (XPL) vB.60.90.00 and vB.61.90.000
* HP OpenView Performance Insight (OVPI) v5.0, v5.1, v5.1.1, v5.1.2, v5.2 running HP OpenView Cross Platform Component (XPL) earlier than v3.10.040

Solution
Apply hotfixes. Please see the vendor's advisories for details.

Provided and/or discovered by
1) Cody Pierce, Pedram Amini, and Aaron Portnoy of TippingPoint DV Labs
2) An anonymous researcher, reported via iDefense Labs.

Changelog
Further details available to Secunia VIM customers

Original Advisory
HPSBMA02235 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515

HPSBMA02236 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171

HPSBMA02237 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584

HPSBMA02238 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617

HPSBMA02239 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576

HPSBMA02240 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627

HPSBMA02241 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851

HPSBMA02242 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038

HPSBMA02244 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023

HPSBMA02245 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156

HPSBMA02246 SSRT061260:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=574

TippingPoint:
http://dvlabs.tippingpoint.com/advisory/TPTI-07-14

Deep Links
Links available to Secunia VIM customers