A vulnerability has been reported in HP Operations Manager, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the SourceView ActiveX control (srcvw32.dll or srcvw4.dll). This can be exploited to cause a stack-based buffer overflow via an overly long argument passed to e.g. the "LoadFile()" method.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following versions:
* HP Operations Manager for Windows versions 8.10 and 8.16 with srcvw4.dll version 22.214.171.124 or earlier
* HP Operations Manager for Windows version 7.5 with srcvw32.dll version 2.23.28 or earlier
Solution: Install patched srcvw32.dll and srcvw4.dll libraries. Please see the vendor's advisory for more information.
Provided and/or discovered by: mr_me, Corelan
Original Advisory: HP (HPSBMA02491 SSRT100060):
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: HP Operations Manager SourceView ActiveX Control Buffer Overflow
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.