A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.exe application which is launched when a request is received for the jovgraph.exe CGI application. This process copies the contents of the ‘sel’ POST variable a user-controllable amount of times into a static stack buffer. By repeating a specific string as the contents of the ‘arg’ POST variable this buffer can be overflowed leading to arbitrary code execution.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/83668/TPTI-09-14.txt
Source: https://packetstormsecurity.com/files/83668/HP-OpenView-NNM-ovwebsnmpsrv.exe-OVwSelection-Stack-Overflow.html