CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile: 98.7%
Added: 11/14/2011
CVE: CVE-2011-2657
BID: 50274
OSVDB: 76700
Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server architecture.
Novell ZENworks Configuration Management includes AdminStudio by Novell technical partner Flexera Software. AdminStudio provides a complete suite of automated packaging, customization, conflict resolution, and quality assurance tools.
The **LaunchProcess** function in the **LaunchHelp.dll** ActiveX Control is vulnerable to directory traversal because it fails to validate a command path argument. A remote attacker who persuades a user to open a malicious web page or file could execute arbitrary code on the target system.
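The kind of validation the description says is missing, as an added example that is not code from the advisory or the vendor: a command path is accepted only if it still resolves inside one allowed directory after normalization. `resolve_command_path`, `ALLOWED_BASE` and the directory itself are assumptions; the page does not say how the control builds the final path.

```python
import ntpath  # Windows path semantics, usable on any platform

# Assumption: only programs under this directory may be launched.
# Constructed placeholder path, not taken from the product.
ALLOWED_BASE = r"C:\Program Files\ExampleApp\Help"


def resolve_command_path(user_path, base=ALLOWED_BASE):
    """Return the normalized path if it stays under base, else None."""
    if not user_path or "\x00" in user_path:
        return None
    # Windows accepts both separators, so normalize before checking.
    candidate = user_path.replace("/", "\\")
    # Reject drive-qualified paths, alternate data streams, rooted and UNC paths.
    if ":" in candidate or candidate.startswith("\\"):
        return None
    base_norm = ntpath.normpath(base)
    # Join to the base, then collapse "." and ".." components lexically.
    full = ntpath.normpath(ntpath.join(base_norm, candidate))
    # Compare on a component boundary, case-insensitively, so a sibling
    # directory such as "Help2" does not pass as being inside "Help".
    prefix = ntpath.normcase(base_norm) + "\\"
    if not ntpath.normcase(full).startswith(prefix):
        return None
    return full


if __name__ == "__main__":
    # Constructed inputs: the first two stay inside the base, the rest do not.
    samples = [
        r"viewer\help.exe",
        "sub/../viewer.exe",
        r"..\..\..\Windows\System32\notepad.exe",
        r"viewer\..\..\other.exe",
        r"..\Help2\x.exe",
        r"\\fileserver\share\x.exe",
        r"C:\Windows\notepad.exe",
    ]
    for s in samples:
        print(repr(s), "->", resolve_command_path(s))
```

The check is lexical only: it does not resolve junctions, symbolic links or 8.3 short names, so a native implementation would also canonicalize the path through the operating system before comparing.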
Apply patches as described in 7009570.
<http://www.zerodayinitiative.com/advisories/ZDI-11-318/>
Exploit works on Novell ZENWorks AdminStudio 10.0 SP2.
The user must open the exploit in Internet Explorer 7 or 8 on the target.
Windows