| Vulnerability Name: | CVE-2011-2658 (CCN-70754) | ||||||||
| Assigned: | 2011-10-18 | ||||||||
| Published: | 2011-10-18 | ||||||||
| Updated: | 2012-07-27 | ||||||||
| Summary: | The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2011-2658 Source: CCN Type: SA46466 Novell ZENworks Configuration Management AdminStudio ActiveX Controls Vulnerabilities Source: CONFIRM Type: Patch http://www.novell.com/support/kb/doc.php?id=7009570 Source: CCN Type: Novell Document ID: 7009570 Security Vulnerabilities with ZENworks Admin Studio version Source: CCN Type: BID-50274 Novell ZENworks Configuration Management AdminStudio Remote Code Execution Vulnerabilities Source: CCN Type: BID-50572 Novell ZENWorks 'mscomct2.ocx' ActiveX Control Remote Code Execution Vulnerability Source: MISC Type: Patch http://www.zerodayinitiative.com/advisories/ZDI-11-317/ Source: XF Type: UNKNOWN zenworks-antique-code-execution(70754) Source: CCN Type: ZDI-11-317 Novell ZENWorks Software Packaging Antique ActiveX Control Remote Code Execution Vulnerability | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||