CVE-2011-2657

Name of the Vulnerable Software and Affected Versions Novell ZENworks Configuration Management versions 10.2 through 11 SP1

Description The issue allows remote attackers to execute arbitrary commands via a pathname in the first argument to the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll. This enables attackers to potentially execute malicious commands on affected systems.

Recommendations For versions 10.2 through 11 SP1, consider disabling the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control until a patch is available. Restrict access to the LaunchHelp.dll to minimize the risk of exploitation. Avoid using the LaunchHelp ActiveX control in the affected Novell ZENworks Configuration Management versions until the issue is resolved.