(0Day) Novell File Reporter NFRAgent.exe VOL Tag Remote Code Execution Vulnerability

ID ZDI-12-167
Type zdi
Reporter Tenable Network Security
Modified 2012-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Agent. Authentication is not required to exploit this vulnerability.

The specific flaw exists within NFRAgent.exe which communicates with the Agent component over HTTPS on TCP port 3037. When parsing tags inside the VOL element, the process performs insufficient bounds checking on user-supplied data prior to copying it into a fixed-length buffer on the stack. This vulnerability can result in remote code execution under the context of the SYSTEM account.