CVE-2011-2658
Novell ZENworks Configuration Management 10.2-11 SP1 - Remote Code Execution via ISList.ISAvi ActiveX Control
Title source: llmDescription
The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws.
References (2)
Core 2
Core References
Patch x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-317/
Patch x_refsource_confirm
http://www.novell.com/support/kb/doc.php?id=7009570
Scores
EPSS
0.0329
EPSS Percentile
87.4%
Details
CWE
CWE-264
Status
published
Products (3)
novell/zenworks_configuration_management
10.2
novell/zenworks_configuration_management
10.3
novell/zenworks_configuration_management
11 sp1
Published
Jul 26, 2012
Tracked Since
Feb 18, 2026