CVE-2013-1079

Novell ZENworks Configuration Management (ZCM) <11.2 - Path Traversal

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.novell.com/support/kb/doc.php?id=7011811
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-13-048/

Scores

EPSS 0.0698
EPSS Percentile 91.6%

Details

CWE
CWE-22
Status published
Products (8)
novell/zenworks_configuration_management 10.3
novell/zenworks_configuration_management 10.3.1
novell/zenworks_configuration_management 10.3.2
novell/zenworks_configuration_management 10.3.3
novell/zenworks_configuration_management 11
novell/zenworks_configuration_management 11.1
novell/zenworks_configuration_management 11.1a
novell/zenworks_configuration_management 11.2
Published Mar 29, 2013
Tracked Since Feb 18, 2026