Novell ZENworks Desktop Management ActiveX control buffer overflow
| novell-zenworks-activex-bo (45462) |  High Risk |
Description:
The Novell ZENworks Desktop Management ActiveX control is vulnerable to a heap-based buffer overflow. By persuading a victim to visit a malicious Web page that passes an overly long argument to the CanUninstall() method, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the victim's browser to crash.
Platforms Affected:
- Novell, ZENworks Desktop Management 6.5
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Gain Access
References:
- BugTraq Mailing List, Sat Sep 27 2008 - 07:21:35 CDT, Novell ZENWorks for Desktops Version 6.5 Remote (Heap-Based) PoC at http://archives.neohapsis.com/archives/bugtraq/2008-09/0308.html.
- Novell ZENworks Web site, Novell ZENworks Configuration Management at http://www.novell.com/products/zenworks/configurationmanagement/.
- BID-31435: Novell ZENworks Desktop Management ActiveX Control 'CanUninstall()' Buffer Overflow Vulnerability
- CVE-2008-5073: Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method.
- SECTRACK ID: 1020951: Novell ZENworks Heap Overflow in ActiveX Control Lets Remote Users Execute Arbitrary Code
Reported:
Sep 27, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net