What is CVE-2009-0920?

CVE-2009-0920 is a vulnerability in N/a. Published 2009-03-25.

Is CVE-2009-0920 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2009-0920

Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.

EPSS: 0.588 (98.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

ADV-2009-0819 (vdb-entry, x_refsource_VUPEN)
34294 (vdb-entry, x_refsource_BID)
8308 (x_refsource_SREASON, third-party-advisory)
www.coresecurity.com/content/openview-buffer-overflows (x_refsource_MISC)
20090323 CORE-2009-0122: HP OpenView Buffer Overflows (mailing-list, x_refsource_BUGTRAQ)
34444 (x_refsource_SECUNIA, third-party-advisory)
hp-ovnnm-ovoslocale-bo(49364) (vdb-entry, x_refsource_XF)
SSRT090008 (x_refsource_HP, vendor-advisory)
1021883 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2009-0920?: CVE-2009-0920 is a vulnerability in N/a. Published 2009-03-25.
Is CVE-2009-0920 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.