CVE-2011-2658

The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
novellzenworks_configuration_management
10.2
novellzenworks_configuration_management
10.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.novell.com/support/kb/doc.php?id=7009570
http://www.zerodayinitiative.com/advisories/ZDI-11-317/
http://www.novell.com/support/kb/doc.php?id=7009570
http://www.zerodayinitiative.com/advisories/ZDI-11-317/