Novell File Reporter 'NFRAgent.exe' XML Parsing Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with Novell File Reporter and is prone to buffer overflow vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code with SYSTEM privileges or cause denial of service. Impact Level: Application/System

Solution

Upgrade Novell File Reporter 1.0.2 or later, For updates refer to http://download.novell.com/Download?buildid=rCAgCcbPH9s~

Insight

The flaw exists within 'NFRAgent.exe' module, which allows remote attackers to execute arbitrary code via unspecified XML data to port 3037.

Affected

Novell File Reporter (NFR) before 1.0.2

References

http://www.securityfocus.com/archive/1/archive/1/517321/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-11-116/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0994
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ChaSen Buffer Overflow Vulnerability (Linux)
Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)
CA Internet Security Suite Plus 'KmxSbx.sys' Buffer Overflow Vulnerability
BaoFeng Storm ActiveX Control Buffer Overflow Vulnerability
BarCodeWiz 'BarcodeWiz.dll' ActiveX Control BOF Vulnerability

Take action and discover your vulnerabilities