TITLE:
HP Operations Manager SourceView ActiveX Control Buffer Overflow

SECUNIA ADVISORY ID:
SA39538

VERIFY ADVISORY:
http://secunia.com/advisories/39538/

DESCRIPTION:
A vulnerability has been reported in HP Operations Manager, which can
be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error in the SourceView
ActiveX control (srcvw32.dll or srcvw4.dll). This can be exploited to
cause a stack-based buffer overflow via an overly long argument passed
to e.g. the "LoadFile()" method.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in the following versions:
* HP Operations Manager for Windows versions 8.10 and 8.16 with
  srcvw4.dll version 4.0.1.1 or earlier
* HP Operations Manager for Windows version 7.5 with srcvw32.dll
  version 2.23.28 or earlier

SOLUTION:
Install patched srcvw32.dll and srcvw4.dll libraries. Please see the
vendor's advisory for more information.

PROVIDED AND/OR DISCOVERED BY:
mr_me, Corelan

CHANGELOG:
2010-04-20: Added additional vulnerability information to the
advisory. Updated the "Original Advisory" section.

ORIGINAL ADVISORY:
HP (HPSBMA02491 SSRT100060):
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02078800

mr_me:
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-027

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keep their systems up to date against the latest
vulnerabilities.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
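
To check a host against the affected versions listed above, the following PowerShell sketch can be used. It is an added example, not part of the Secunia or HP advisories. The search roots are an assumption (the advisory does not give install paths), and treating any 2.23.28.x build of srcvw32.dll as affected is a conservative reading of "2.23.28 or earlier".

```powershell
# Added example: flag SourceView DLLs at or below the versions SA39538 lists as affected.
# Version limits come from the advisory; the default search roots are an assumption.
param(
    [string[]]$SearchRoot = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
)

# Highest affected version per library, as stated in the advisory.
# PowerShell hashtable keys are case-insensitive, so SRCVW4.DLL also matches.
$LastAffected = @{
    'srcvw32.dll' = @(2, 23, 28)
    'srcvw4.dll'  = @(4, 0, 1, 1)
}

function Test-AtOrBelow {
    param([int[]]$Found, [int[]]$Limit)
    # Compare only as many components as the advisory gives, so a
    # 2.23.28.x build still counts as "2.23.28 or earlier".
    for ($i = 0; $i -lt $Limit.Count; $i++) {
        if ($Found[$i] -lt $Limit[$i]) { return $true }
        if ($Found[$i] -gt $Limit[$i]) { return $false }
    }
    return $true
}

# Skip roots that are unset (e.g. no x86 folder on 32-bit hosts) or missing.
$roots = $SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

Get-ChildItem -LiteralPath $roots -Filter 'srcvw*.dll' -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $LastAffected.ContainsKey($_.Name) } |
    ForEach-Object {
        $vi = $_.VersionInfo
        # Use the numeric file version fields rather than the free-form string.
        $found = @($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
        [pscustomobject]@{
            Path        = $_.FullName
            FileVersion = $found -join '.'
            Affected    = Test-AtOrBelow -Found $found -Limit $LastAffected[$_.Name]
        }
    }
```

Rows with Affected = True are the libraries to replace with the patched versions from the vendor's advisory; pass -SearchRoot to cover a non-default install location.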