Novell ZENWorks AdminStudio ISProxy 'ISProxy.dll' Activex Remote Code Execution Vulnerability

Bugtraq ID:	58664
Class:	Boundary Condition Error
CVE:	CVE-2013-1079
Remote:	Yes
Local:	No
Published:	Mar 22 2013 12:00AM
Updated:	Mar 22 2013 12:00AM
Credit:	Andrea Micalizzi
Vulnerable:	Novell ZENworks Configuration Management 11.2 Novell ZENworks Configuration Management 11.1 Novell ZENworks Configuration Management 11.0 Novell ZENworks Configuration Management 10.3
Not Vulnerable:

Novell ZENWorks AdminStudio ISProxy 'ISProxy.dll' Activex Remote Code Execution Vulnerability

Novell ZENWorks AdminStudio is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts likely result in denial-of-service conditions.

The following versions are affected:

Novell ZENworks Configuration Management 10.3
Novell ZENworks Configuration Management 11.0
Novell ZENworks Configuration Management 11.1
Novell ZENworks Configuration Management 11.2

Novell ZENWorks AdminStudio ISProxy 'ISProxy.dll' Activex Remote Code Execution Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Novell ZENWorks AdminStudio ISProxy 'ISProxy.dll' Activex Remote Code Execution Vulnerability

Solution:
Vendor updates are available. Please see the references for more information.

Novell ZENWorks AdminStudio ISProxy 'ISProxy.dll' Activex Remote Code Execution Vulnerability

References:

• AdminStudio ISProxy Remote Code Execution Vulnerability (Novell)
  
• Novell Homepage (Novell)
  
• Novell ZENWorks AdminStudio ISProxy ActiveX Remote Code Execution Vulnerability (ZDI)