Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2220

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-2220
Last Modified 21 Sep 2011 11:31:36
Published 14 Jul 2011 07:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2220

Summary

Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element.

Vulnerable Systems

Application

  • Novell File Reporter

  • Novell File Reporter Engine 1.0.2.0


References

MISC - http://www.zerodayinitiative.com/advisories/ZDI-11-227

BUGTRAQ - 20110627 ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability

SECTRACK - 1025722

SREASON - 8305

SECUNIA - 45065

CONFIRM - http://download.novell.com/Download?buildid=leLxi7tQACs~


Last Updated: 27 May 2016 10:56:57