(0Day) Novell NetIQ Sentinel Agent Manager NQMcsVarSet DumpToFile Remote Code Execution Vulnerability

ID ZDI-14-134
Type zdi
Reporter Andrea Micalizzi aka rgod
Modified 2014-11-09T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetIQ. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the NQMcsVarSet ActiveX control. The control exposes the DumpToFile method. The method does not properly sanitize the path for the filename, allowing for directory traversal. An attacker can leverage this vulnerability to write files under the context of the current process, which can then be used to execute code under the context of the current user.