CVE-2011-2658

EUVD-2011-2641
The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
novellzenworks_configuration_management
10.2
novellzenworks_configuration_management
10.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.novell.com/support/kb/doc.php?id=7009570
http://www.zerodayinitiative.com/advisories/ZDI-11-317/
http://www.novell.com/support/kb/doc.php?id=7009570
http://www.zerodayinitiative.com/advisories/ZDI-11-317/