Lucene search
Stephen Fewer of Harmony Security (www.harmonysecurity.com)ZDI-11-116HistoryApr 04, 2011 - 12:00 a.m.
Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability
2011-04-0400:00:00
Stephen Fewer of Harmony Security (www.harmonysecurity.com)
www.zerodayinitiative.com
12
0.87 High
EPSS
Percentile
98.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Agent. Authentication is not required to exploit this vulnerability. The flaw exists within the NFRAgent.exe component which listens by default on TCP port 3037. When handling the contents of an XML tag the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
Related
saint
saint
Novell File Reporter Agent XML Parser Buffer Overflow
2011-05-16 00:00:00
Novell File Reporter Agent XML Parser Buffer Overflow
2011-05-16 00:00:00
Novell File Reporter Agent XML Parser Buffer Overflow
2011-05-16 00:00:00
openvas
openvas
securityvulns
securityvulns
Novell File Reporter Agent buffer overflow
2011-04-05 00:00:00
cve
cve
CVE-2011-0994
2011-04-10 02:55:01
nvd
nvd
CVE-2011-0994
2011-04-10 02:55:01
cvelist
cvelist
CVE-2011-0994
2011-04-10 01:29:00
checkpoint_advisories
checkpoint_advisories
Novell File Reporter Agent XML Parsing Stack Buffer Overflow (CVE-2011-0994)
2011-06-28 00:00:00
seebug
seebug
Novell File Reporter Agent XML解析缓冲区溢出漏洞
2011-04-08 00:00:00
nessus
nessus
Novell File Reporter Agent XML Tag Handling Buffer Overflow
2011-04-22 00:00:00
prion
prion
Stack overflow
2011-04-10 02:55:00
d2
d2
DSquare Exploit Pack: D2SEC_NFRAGENT
2011-04-10 02:55:00