Novell File Reporter 'NFRAgent.exe' XML Parsing Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with Novell File Reporter and is prone to buffer overflow vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code with SYSTEM privileges or cause denial of service. Impact Level: Application/System

Solution

Upgrade Novell File Reporter 1.0.2 or later, For updates refer to http://download.novell.com/Download?buildid=rCAgCcbPH9s~

Insight

The flaw exists within 'NFRAgent.exe' module, which allows remote attackers to execute arbitrary code via unspecified XML data to port 3037.

Affected

Novell File Reporter (NFR) before 1.0.2

References

http://www.securityfocus.com/archive/1/archive/1/517321/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-11-116/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0994

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader Multimeda Doc.media.newPlayer Code Execution Vulnerability (Linux)
Adobe Air Buffer Overflow Vulnerability (Mac OS X)
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Linux)
Blazevideo HDTV Player PLF File Buffer Overflow Vulnerability
Apache mod_proxy content-length buffer overflow

Take action and discover your vulnerabilities