CVE-2012-4956

Novell File Reporter <1.0.2 - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.

Exploits (1)

metasploit WORKING POC

by juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/http/novell_file_reporter_heap_bof.rb

View Code ZIP pw:eip

References (3)

[US Government Resource] http://www.kb.cert.org/vuls/id/273371

[Exploit] https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959

[Third Party Advisory, VDB Entry] http://osvdb.org/87574

Scores

EPSS 0.6858

EPSS Percentile 98.6%

Details

CWE

CWE-119

Status published

Products (1)

novell/file_reporter 1.0.2

Published Nov 18, 2012

Tracked Since Feb 18, 2026