CVE-2013-1079

CVSS 6.8 - MEDIUM
Description

Directory traversal vulnerability in the ISCreateObject method in an ActiveX control in InstallShield\ISProxy.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.3 through 11.2 allows remote attackers to execute arbitrary local DLL files via a crafted web page that also calls the Initialize method.

Affected Products
8
Vendor Product Version
novell zenworks_configuration_management 10.3
novell zenworks_configuration_management 10.3.1
novell zenworks_configuration_management 10.3.2
novell zenworks_configuration_management 10.3.3
novell zenworks_configuration_management 11
novell zenworks_configuration_management 11.1
novell zenworks_configuration_management 11.1a
novell zenworks_configuration_management 11.2
References
http://www.novell.com/support/kb/doc.php?id=701181...
http://www.zerodayinitiative.com/advisories/ZDI-13...
http://www.novell.com/support/kb/doc.php?id=701181...
http://www.zerodayinitiative.com/advisories/ZDI-13...
Weakness Types
CWE-22
CVE Information
CVE ID:
CVE-2013-1079
Published:
2013-03-29
Modified:
2026-04-29
CVSS Score:
6.8
Severity:
MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Vendors
novell
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL