CVE-2011-3174 Information

Description

Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ActiveX control in InstallShield/ISGrid2.dll in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2 10.3 and 11 SP1 allows remote attackers to execute arbitrary code via a long bstrReplaceText parameter.

Reference

http://www.novell.com/support/kb/doc.php?id=7009570 http://www.zerodayinitiative.com/advisories/ZDI-11-319/