SAINT Corporation | SAINT:CD9F7B662FBBD966A0CD99E693084190
Nov 14, 2011 - 12:00 a.m.

Novell ZENworks LaunchHelp.dll ActiveX Control LaunchProcess Code Execution

2011-11-14 00:00:00
SAINT Corporation
www.saintcorporation.com

EPSS: 0.873 (percentile: 98.7%)

Added: 11/14/2011
CVE: CVE-2011-2657
BID: 50274
OSVDB: 76700

Background

Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server architecture.

Novell ZENworks Configuration Management includes AdminStudio by Novell technical partner Flexera Software. AdminStudio provides a complete suite of automated packaging, customization, conflict resolution, and quality assurance tools.

Problem

The **LaunchProcess** function in the **LaunchHelp.dll** ActiveX Control is vulnerable to directory traversal because it fails to validate a command path argument. A remote attacker who persuades a user to open a malicious web page or file could execute arbitrary code on the target system.
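The kind of check whose absence is described above, as an added example (not code from Novell, Flexera, or the vendor patch): a launcher resolves the caller-supplied command path against a fixed base directory and refuses anything that escapes it. `BASE_DIR`, `ALLOWED_EXTENSIONS`, `resolve_command` and `is_allowed` are hypothetical names and values chosen for illustration.

```python
import ntpath  # Windows path semantics, usable on any platform

# Assumptions for illustration: the only directory the control may launch
# from, and the only file types it may launch.
BASE_DIR = r"C:\Program Files\ExampleApp\Help"
ALLOWED_EXTENSIONS = {".exe", ".chm"}


def resolve_command(arg: str, base_dir: str = BASE_DIR) -> str:
    """Return the normalized path for arg inside base_dir, or raise ValueError."""
    if not arg or "\x00" in arg:
        raise ValueError("empty or NUL-containing path")
    drive, _ = ntpath.splitdrive(arg)
    # Reject C:..., \\host\share\... and rooted paths such as \Windows\...
    if drive or arg.startswith(("\\", "/")):
        raise ValueError("absolute, drive-qualified or UNC path")
    if ":" in arg:
        raise ValueError("alternate data stream or device syntax")

    base = ntpath.normpath(base_dir)
    # normpath collapses "..", "." and mixed separators lexically. It does not
    # follow junctions or symlinks; on a real host, resolve those as well.
    candidate = ntpath.normpath(ntpath.join(base, arg))

    # Compare whole path components, case-insensitively. A plain prefix test
    # would wrongly accept a sibling directory such as ...\HelpEvil.
    common = ntpath.commonpath([base, candidate])
    if ntpath.normcase(common) != ntpath.normcase(base):
        raise ValueError("path escapes the base directory")
    if ntpath.splitext(candidate)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("file type not allowed")
    return candidate


def is_allowed(arg: str) -> bool:
    """Boolean wrapper around resolve_command."""
    try:
        resolve_command(arg)
        return True
    except ValueError:
        return False
```

The resolved path returned by `resolve_command`, not the original argument, is what should be handed to the process-creation call.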

Resolution

Apply patches as described in 7009570.

References

<http://www.zerodayinitiative.com/advisories/ZDI-11-318/>

Limitations

The exploit works on Novell ZENworks AdminStudio 10.0 SP2.

The user must open the exploit in Internet Explorer 7 or 8 on the target.

Platforms

Windows
