HP OpenView Network Node Manager Insecure Permissions Vulnerability

HP OpenView Network Node Manager installs with insecure default permissions.
The installation process grants ‘Everyone’ full access to the ‘C:\Program Files\HP OpenView’ directory. This directory contains the ‘bin\ovtrcsvc.exe’ executable, which runs as a service with SYSTEM-level privileges. A local user can therefore replace the .exe with malicious code, and it will run with SYSTEM rights the next time the service starts (likely at the next reboot).
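
To check a host for the condition described above, the following PowerShell audit lists every service whose executable or parent directory grants write-capable rights to a broad group. It is an added example, not part of the original advisory or any HP tooling, and it generalizes beyond the HP OpenView directory to all installed services. The function name Get-WeakAce and the choice of Everyone, Authenticated Users and BUILTIN\Users as the broad principals are assumptions of this example.

```powershell
# Added audit example. The SIDs are well-known values; nothing here is HP-specific.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Rights that allow replacing or modifying a file, or adding files to a directory.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Generic bits that Get-Acl can return unmapped: GENERIC_ALL and GENERIC_WRITE.
$writeMask = $writeMask -bor 0x10000000 -bor 0x40000000

# Hypothetical helper: returns one object per Allow ACE that gives a broad group write access.
function Get-WeakAce {
    param([string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop } catch { return }
    # Ask for rules keyed by SID so the check also works on localized Windows builds.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid) -and
            (([int]$ace.FileSystemRights) -band $writeMask)) {
            [pscustomobject]@{ Path = $Path; Principal = $broadSids[$sid]; Rights = $ace.FileSystemRights }
        }
    }
}

Get-CimInstance Win32_Service | ForEach-Object {
    $svc = $_
    # PathName may be quoted and may carry arguments; extract only the executable path.
    if ($svc.PathName -match '^\s*"([^"]+)"' -or $svc.PathName -match '^\s*(.+?\.exe)') {
        $exe = $Matches[1]
        # Check the binary and its directory: write access to either allows replacement.
        foreach ($target in @($exe, (Split-Path -Parent $exe))) {
            Get-WeakAce -Path $target | ForEach-Object {
                [pscustomobject]@{
                    Service = $svc.Name; RunsAs = $svc.StartName
                    Path = $_.Path; Principal = $_.Principal; Rights = $_.Rights
                }
            }
        }
    }
} | Sort-Object Service, Path | Format-Table -AutoSize
```

Rows where RunsAs is LocalSystem and Principal is Everyone correspond to the exposure described in this advisory; tightening the ACL on the install directory so that only administrators and SYSTEM can write removes them.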

One Comment

  1. LoLz… and we haven’t seen That attack before, have we…
    I still have that Symantec AV exe you rooted. Aah, nostalgia.
    Roger, did we ever find a tool for Windows that would find all executables that were world readable? I seem to remember we did, but that was ages ago…
    Bill Gross

