Vulnerability Details : CVE-2011-0994
Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.
Vulnerability category: OverflowExecute code
Products affected by CVE-2011-0994
- cpe:2.3:a:novell:file_reporter:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0994
82.58%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0994
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2011-0994
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0994
-
http://www.vupen.com/english/advisories/2011/0866
Webmail | OVH- OVH
-
http://www.securityfocus.com/archive/1/517321/100/0/threaded
SecurityFocus
-
http://www.securityfocus.com/bid/47144
Novell File Reporter Agent XML Tag Remote Code Execution Vulnerability
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12064
Repository / Oval Repository
-
http://securityreason.com/securityalert/8194
Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability - CXSecurity.com
-
http://download.novell.com/Download?buildid=rCAgCcbPH9s~
Downloads - Novell File Reporter Engine Security Patch 1.0.2.53Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/66548
Novell File Reporter Agent NFRAgent.exe buffer overflow CVE-2011-0994 Vulnerability Report
-
http://www.securitytracker.com/id?1025292
Novell File Reporter Agent XML Parsing Bug Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
http://www.zerodayinitiative.com/advisories/ZDI-11-116/
ZDI-11-116 | Zero Day Initiative
Jump to