Running under Windows NT Server 4.0 (SP6), HP Openview Node Manager 6.1 is vulnerable to a buffer overrun that causes the system to stop responding.
An attacker has to simply connect to port 80 and send a large GET string that including the EIP is 136 bytes in length. For example (will be wrapped);
http://127.0.0.1/OvCgi/OpenView5.exe?Context=SNMP&Action=SNMP&Host=&Oid=AA(x 132 bytes)
HP had been made aware of the vulnerability and has released a patch available at http://ovweb.external.hp.com/cpe/patches/