CVE-2011-4135

Flexera FlexNet Publisher <11.10 - Path Traversal

Title source: llm

Description

Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389.

Exploits (1)

metasploit WORKING POC NORMAL

by Luigi Auriemma, Alexander Gavrun, juan vazquez, sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/license/flexnet_lmgrd_bof.rb

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-11-272/

[Vendor Advisory] http://secunia.com/advisories/45615

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/49191

[Patch, Vendor Advisory] http://www.flexerasoftware.com/pl/13057.htm

[Various Sources] http://www.ibm.com/support/docview.wss?uid=swg21577760

[Vendor Advisory] http://kb.flexerasoftware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q200975&sliceId=1

Scores

EPSS 0.6221

EPSS Percentile 98.4%

Details

CWE

CWE-22

Status published

Products (1)

flexerasoftware/flexnet_publisher 11.10

Published Jan 19, 2012

Tracked Since Feb 18, 2026