Novell File Reporter is software that allows network administrators to identify files stored on the network and generates reports regarding the size of individual files, file type, when files were last accessed, and where duplicates exist.
A stack overflow vulnerability exists in the agent process (NFRAgent.exe) of Novell File Reporter versions prior to 1.0.2. A remote attacker may send a malicious XML request to execute arbitrary code on the host.
Upgrade to Novell File Reporter 1.0.2 or higher.
This exploit has been tested against Novell File Reporter 18.104.22.168 running on Microsoft Windows Server 2003 SP2 English (DEP AlwaysOff) and Microsoft Windows XP SP3 English (DEP OptIn). This exploit requires the IO::Socket::SSL Perl module.
Windows Server 2003