CVE-2011-2658

The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.novell.com/support/kb/doc.php?id=7009570	Patch
http://www.zerodayinitiative.com/advisories/ZDI-11-317/	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:novell:zenworks_configuration_management:10.2:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:10.3:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:11:sp1::::::

History

No history.

Information

Published : 2012-07-26 22:55

Updated : 2024-02-28 12:00

NVD link : CVE-2011-2658

Mitre link : CVE-2011-2658

CVE.ORG link : CVE-2011-2658

JSON object : View

Products Affected

novell

zenworks_configuration_management

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2011-2658", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-07-26T22:55:01.217", "references": [{"url": "http://www.novell.com/support/kb/doc.php?id=7009570", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-317/", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws."}, {"lang": "es", "value": "El control ActiveX ISList.ISAvi en AdminStudio en Novell ZENworks Configuration Management (ZCM) v10.2, v10.3, 11 y SP1 permite el acceso al expediente Mscomct2.ocx, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n aprovech\u00e1ndose de fallos no especificados de mscomct2.\r\n"}], "lastModified": "2012-07-27T13:33:24.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BCFE6AD-E242-4306-8DEB-7023F48BC1D3"}, {"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:10.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ABC25E5-76CD-469B-879A-B1F7109D0181"}, {"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A93DBC3-5C82-4396-B3D0-F32B219E2DE0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}