First published: Thu Jul 26 2012(Updated: )
Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 allows remote attackers to execute arbitrary code via a long bstrReplaceText parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Micro Focus ZENworks Configuration Management | =10.2 | |
Micro Focus ZENworks Configuration Management | =10.3 | |
Micro Focus ZENworks Configuration Management | =11-sp1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-3174 has a critical severity rating due to the potential for remote code execution.
To fix CVE-2011-3174, upgrade to a patched version of Novell ZENworks Configuration Management that addresses this vulnerability.
CVE-2011-3174 affects Novell ZENworks Configuration Management versions 10.2, 10.3, and 11 SP1.
Yes, CVE-2011-3174 can be exploited remotely through the execution of arbitrary code via a specially crafted input.
CVE-2011-3174 is a buffer overflow vulnerability in the DoFindReplace function of the ISGrid.ActiveX control.