CVE-2013-1079

2022-10-0316:14:49

CWE-22

[email protected]

web.nvd.nist.gov

cve-2013-1079

directory traversal

iscreateobject

activex control

installshield

novell zenworks configuration management

zcm

remote code execution

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.8%

JSON

Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method.

Affected configurations

NVD

Node

novellzenworks_configuration_managementMatch10.3

novellzenworks_configuration_managementMatch10.3.1

novellzenworks_configuration_managementMatch10.3.2

novellzenworks_configuration_managementMatch10.3.3

novellzenworks_configuration_managementMatch11

novellzenworks_configuration_managementMatch11.1

novellzenworks_configuration_managementMatch11.1a

novellzenworks_configuration_managementMatch11.2

CPENameOperatorVersion
novell:zenworks_configuration_managementnovell zenworks configuration managementeq10.3
novell:zenworks_configuration_managementnovell zenworks configuration managementeq10.3.1
novell:zenworks_configuration_managementnovell zenworks configuration managementeq10.3.2
novell:zenworks_configuration_managementnovell zenworks configuration managementeq10.3.3
novell:zenworks_configuration_managementnovell zenworks configuration managementeq11
novell:zenworks_configuration_managementnovell zenworks configuration managementeq11.1
novell:zenworks_configuration_managementnovell zenworks configuration managementeq11.1a
novell:zenworks_configuration_managementnovell zenworks configuration managementeq11.2

CPE	Name	Operator	Version
novell:zenworks_configuration_management	novell zenworks configuration management	eq	10.3
novell:zenworks_configuration_management	novell zenworks configuration management	eq	10.3.1
novell:zenworks_configuration_management	novell zenworks configuration management	eq	10.3.2
novell:zenworks_configuration_management	novell zenworks configuration management	eq	10.3.3
novell:zenworks_configuration_management	novell zenworks configuration management	eq	11
novell:zenworks_configuration_management	novell zenworks configuration management	eq	11.1
novell:zenworks_configuration_management	novell zenworks configuration management	eq	11.1a
novell:zenworks_configuration_management	novell zenworks configuration management	eq	11.2