CVE-2011-2657

Sažetak

Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument.

Reference

http://www.exploit-db.com/exploits/19718/
http://www.novell.com/support/kb/doc.php?id=7009570
http://www.zerodayinitiative.com/advisories/ZDI-11-318/

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

27-07-2012 - 04:00

Objavljeno

26-07-2012 - 22:55