Vulnerability Description
Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Zenworks Configuration Management | 10.3 |
Related Weaknesses (CWE)
References
- http://www.novell.com/support/kb/doc.php?id=7011811Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-13-048/
- http://www.novell.com/support/kb/doc.php?id=7011811Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-13-048/
FAQ
What is CVE-2013-1079?
CVE-2013-1079 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 all...
How severe is CVE-2013-1079?
CVE-2013-1079 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1079?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Zenworks Configuration Management.