This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
The remote Windows host has an application that can be used to
terminate arbitrary processes.
HP OpenView Internet Services (OVIS) is installed on the remote host.
It provides a single, integrated view of an organization's Internet
The Probe Builder component included with the installation of HP OVIS
on the remote host allows an unauthenticated, remote attacker to
terminate any process on that host by sending a specially crafted
request packet to the Probe Builder Service, which listens by default
on TCP port 32968. The attacker must supply a valid process ID, but
can brute-force the ID and kill critical system processes, thereby
causing the system to crash.
See also :
Apply the patch referenced in HP's advisory above and ensure the file
version of PBOVISServer.exe is 126.96.36.1991.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.4
Public Exploit Available : true