CVE-2009-1350

Novell NetIdentity Client < 1.2.4 - Remote Code Execution via XTIERRPCPIPE Named Pipe

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-1350. PoCs published by Metasploit, MC, Ruben Santamarta, including Metasploit module exploits/windows/smb/netidentity_xtierrpcpipe.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in Novell NetIdentity Agent via the 'XTIERRPCPIPE' named pipe. It leverages a memory leak to bypass ASLR and achieve arbitrary code execution.

Description

Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16376

View Code ZIP pw:eip

This Metasploit module exploits a stack buffer overflow in Novell NetIdentity Agent via the 'XTIERRPCPIPE' named pipe. It leverages a memory leak to bypass ASLR and achieve arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Novell NetIdentity Agent

Auth required

Prerequisites: SMB access · Valid credentials · Target service running

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GREAT

by MC, Ruben Santamarta · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/netidentity_xtierrpcpipe.rb