Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument.
References
Link | Resource |
---|---|
http://www.exploit-db.com/exploits/19718/ | Exploit |
http://www.novell.com/support/kb/doc.php?id=7009570 | Patch Vendor Advisory |
http://www.zerodayinitiative.com/advisories/ZDI-11-318/ |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2012-07-26 22:55
Updated : 2012-07-27 04:00
NVD link : CVE-2011-2657
Mitre link : CVE-2011-2657
CVE.ORG link : CVE-2011-2657
JSON object : View
Products Affected
novell
- zenworks_configuration_management
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')