Vulnerability Description
Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Manager (OV NNM) 7.53 might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via a long string argument to the (1) DisplayName, (2) AddGroup, (3) InstallComponent, or (4) Subscribe method. NOTE: this issue is not a vulnerability in many environments, because the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Openview Network Node Manager | 7.53 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2009/Nov/199Exploit
- http://www.coresecurity.com/content/openview_nnm_internaldb_dosExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54377
- http://seclists.org/fulldisclosure/2009/Nov/199Exploit
- http://www.coresecurity.com/content/openview_nnm_internaldb_dosExploitPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54377
FAQ
What is CVE-2009-3977?
CVE-2009-3977 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Manager (OV NNM) 7.53 might allow remote attackers to cause a denial of service (memory corruption) ...
How severe is CVE-2009-3977?
CVE-2009-3977 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3977?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Openview Network Node Manager.