CVE-2013-1079

Name of the Vulnerable Software and Affected Versions Novell ZENworks Configuration Management (ZCM) versions 10.3 through 11.2

Description A directory traversal issue exists in the ISCreateObject method of an ActiveX control in AdminStudio, allowing remote attackers to execute arbitrary local DLL files via a crafted web page. This can be achieved by calling the Initialize method.

Recommendations For versions 10.3 through 11.2, consider disabling the ISCreateObject method in the ISProxy.dll ActiveX control as a temporary workaround until a patch is available. Restrict access to the Initialize method to minimize the risk of exploitation.