CVE-2011-2657

Novell ZENworks Configuration Management 10.2-11 SP1 - Remote Code Execution via LaunchHelp ActiveX Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-2657. PoCs published by Metasploit, rgod, juan vazquez, including Metasploit module exploits/windows/browser/zenworks_helplauncher_exec.

AI-analyzed exploit summary This Metasploit module exploits a vulnerability in AdminStudio LaunchHelp.dll ActiveX control (CVE-2011-2657) by leveraging the LaunchProcess function to execute arbitrary commands. It delivers a payload via a VBS stager and achieves remote code execution on vulnerable systems.

Description

Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/19718

This Metasploit module exploits a vulnerability in AdminStudio LaunchHelp.dll ActiveX control (CVE-2011-2657) by leveraging the LaunchProcess function to execute arbitrary commands. It delivers a payload via a VBS stager and achieves remote code execution on vulnerable systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: AdminStudio LaunchHelp.dll 9.5.0.0 (also affects Novell ZENworks Configuration Management 10 SP2)
No auth needed
Prerequisites: Victim must use Internet Explorer (tested on IE 6 and IE 8) · AdminStudio LaunchHelp.dll ActiveX control must be installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by rgod, juan vazquez · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/zenworks_helplauncher_exec.rb

This Metasploit module exploits CVE-2011-2657 in AdminStudio LaunchHelp.dll ActiveX control, allowing arbitrary command execution via the LaunchProcess function. It delivers a payload through a VBS stager and achieves remote code execution on vulnerable systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: AdminStudio LaunchHelp.dll 9.5.0.0 (also affects Novell ZENworks Configuration Management 10 SP2)
No auth needed
Prerequisites: Victim must use Internet Explorer with the vulnerable ActiveX control installed · Victim must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.novell.com/support/kb/doc.php?id=7009570
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-318/
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/19718/

Scores

EPSS 0.4837
EPSS Percentile 98.7%

Details

CWE
CWE-22
Status published
Products (3)
novell/zenworks_configuration_management 10.2
novell/zenworks_configuration_management 10.3
novell/zenworks_configuration_management 11 sp1
Published Jul 26, 2012
Tracked Since Feb 18, 2026