Buffer overflow in Novell File_reporter

CVE-2011-0994

Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.

Vulnerability class: Buffer Overflow

EPSS: 0.294 (96.7th percentile) — read the EPSS interpretation.

Affected products

Novell File_reporter
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

43975 (x_refsource_SECUNIA, third-party-advisory)
1025292 (vdb-entry, x_refsource_SECTRACK)
47144 (vdb-entry, x_refsource_BID)
oval:org.mitre.oval:def:12064 (x_refsource_OVAL, signature, vdb-entry)
cve@mitre.org (x_refsource_CONFIRM, Patch)
ADV-2011-0866 (vdb-entry, x_refsource_VUPEN)
filereporter-nfragent-bo(66548) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_MISC)
8194 (x_refsource_SREASON, third-party-advisory)
20110404 ZDI-11-116: Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)