10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.87 High
EPSS
Percentile
98.6%
Added: 05/16/2011
CVE: CVE-2011-0994
BID: 47144
OSVDB: 71980
Novell File Reporter is software that allows network administrators to identify files stored on the network and generates reports regarding the size of individual files, file type, when files were last accessed, and where duplicates exist.
A stack overflow vulnerability exists in the agent process (NFRAgent.exe) of Novell File Reporter versions prior to 1.0.2. A remote attacker may send a malicious XML request to execute arbitrary code on the host.
Upgrade to Novell File Reporter 1.0.2 or higher.
<http://download.novell.com/Download?buildid=rCAgCcbPH9s~>
<http://www.zerodayinitiative.com/advisories/ZDI-11-116/>
This exploit has been tested against Novell File Reporter 1.0.1.1 running in Microsoft Windows Server 2003 SP2 English (DEP AlwaysOff) and Microsoft Windows XP SP3 English (DEP OptIn). This exploit requires the IO::Socket::SSL PERL module.
Windows Server 2003
Windows XP