CVE-2012-5932

NetIQ Privileged User Manager < 2.3.1 HF2 - Remote Code Execution via ldapagnt_eval Function

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-5932. PoCs published by Metasploit, rgod, juan vazquez, including Metasploit module exploits/windows/novell/netiq_pum_eval.

AI-analyzed exploit summary: This Metasploit module exploits a lack of authorization in NetIQ Privileged User Manager's ldapagnt_eval() function to execute arbitrary Perl code, leading to remote code execution with SYSTEM privileges on Windows 2003 SP2.

Description

Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/22903

This Metasploit module exploits a lack of authorization in NetIQ Privileged User Manager's ldapagnt_eval() function to execute arbitrary Perl code, leading to remote code execution with SYSTEM privileges on Windows 2003 SP2.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: NetIQ Privileged User Manager 2.3.1
No auth needed
Prerequisites: Network access to the target service on port 443 · Target running NetIQ Privileged User Manager 2.3.1
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · EXCELLENT
by rgod, juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/novell/netiq_pum_eval.rb

This Metasploit module exploits a lack of authorization in NetIQ Privileged User Manager's ldapagnt module to execute arbitrary Perl code, leading to remote code execution with SYSTEM privileges. It uses a fake login request to trigger the vulnerability and delivers a payload via an HTTP server.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: NetIQ Privileged User Manager 2.3.1
No auth needed
Prerequisites: Network access to the target service · Target running NetIQ Privileged User Manager 2.3.1
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS: 0.6275
EPSS Percentile: 99.1%

Details

CWE: CWE-94
Status: published
Products (2):
microfocus/privileged_user_manager 2.3.0
microfocus/privileged_user_manager 2.3.1
Published: Dec 24, 2012
Tracked Since: Feb 18, 2026