Novell ZENworks LaunchHelp.dll ActiveX Control LaunchProcess Code Execution

Added: 11/14/2011
CVE: CVE-2011-2657
BID: 50274
OSVDB: 76700

Background

Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server architecture.

Novell ZENworks Configuration Management includes AdminStudio by Novell technical partner Flexera Software. AdminStudio provides a complete suite of automated packaging, customization, conflict resolution, and quality assurance tools.

Problem

The LaunchProcess function in the LaunchHelp.dll ActiveX Control is vulnerable to directory traversal because it fails to validate a command path argument. A remote attacker that persuades a user to open a malicious web page or file could execute arbitrary code on the target system.

Resolution

Apply patches as described in 7009570.

References

http://www.zerodayinitiative.com/advisories/ZDI-11-318/

Limitations

Exploit works on Novell ZENWorks AdminStudio 10.0 SP2.

The user must open the exploit in Internet Explorer 7 or 8 on the target.

Platforms

Windows

Back to exploit index