CVE-2012-5932

Microfocus Privileged User Manager - Code Injection

Title source: rule

Description

Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/22903

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by rgod, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/novell/netiq_pum_eval.rb

View Code ZIP pw:eip

References (4)

[Various Sources] http://download.novell.com/Download?buildid=K6-PmbPjduA~

[Vendor Advisory] https://www.netiq.com/support/kb/doc.php?id=7011385

[Exploit] http://retrogod.altervista.org/9sg_novell_netiq_ii.htm

[Exploit] http://retrogod.altervista.org/9sg_novell_netiq_ldapagnt_adv.htm

Scores

EPSS 0.4975

EPSS Percentile 97.8%

Details

CWE

CWE-94

Status published

Products (2)

microfocus/privileged_user_manager 2.3.0

microfocus/privileged_user_manager 2.3.1

Published Dec 24, 2012

Tracked Since Feb 18, 2026