CVE-2011-2657 Information

Description

Directory traversal vulnerability in the LaunchProcess function in the LaunchHelp.HelpLauncher.1 ActiveX control in LaunchHelp.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2 10.3 and 11 SP1 allows remote attackers to execute arbitrary commands via a pathname in the first argument.

Reference

http://www.exploit-db.com/exploits/19718/ http://www.novell.com/support/kb/doc.php?id=7009570 http://www.zerodayinitiative.com/advisories/ZDI-11-318/