TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... In December of 2007, Microsoft released seven security bulletins which fixed 11 new security vulnerabilities. TippingPoint and ZDI were credited with discovering a total of four of those vulnerabilities.

HP OpenView Multiple Product Shared Trace Service Stack Overflow Vulnerabilities

TPTI-07-14: August 14th, 2007


Affected Vendors

Affected Products

    HP OpenView Internet Service
    HP OpenView Performance Manager
    HP OpenView Performance Agent
    HP OpenView Reporter
    HP OpenView Operations
    HP OpenView Operations Manager for Windows
    HP OpenView Service Quality Manager
    HP OpenView Network Node Manager
    HP OpenView Business Process Insight and Related Products
    HP OpenView Dashboard
    HP OpenView Performance Insight

TippingPoint™ IPS Customer Protection

TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 4787. For further product information on the TippingPoint IPS:

Vulnerability Details

These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of multiple Hewlett-Packard (HP) OpenView products, including: Performance Manager, Performance Agent, Reporter, Operations, Operations Manager, Service Quality Manager, Network Node Manager, Business Process Insight, Dashboard and Performance Insight. Authentication is not required to exploit these vulnerabilities.

The specific flaws exists within the OpenView Shared Trace Service. A service that is distributed with multiple products as ovtrcsvc.exe and OVTrace.exe. The vulnerable service may be found bound to TCP port 5053 (ovtrcsvc.exe) or TCP port 5051 (OVTrace.exe). Specially crafted data through opcode handlers 0x1a and 0x0f can result in arbitrary code execution under the context of the SYSTEM user.

Vendor Response

Hewlett-Packard states:

Hewlett-Packard has issued updates to correct this vulnerability. More details can be found at:

Disclosure Timeline

    2006-10-10 - Vulnerability reported to vendor
    2007-08-14 - Coordinated public release of advisory


This vulnerability was discovered by: