CVE-2011-2220 – Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2011-2220

Stack-based buffer overflow in NFREngine.exe in Novell File Reporter Engine before 1.0.2.53, as used in Novell File Reporter and other products, allows remote attackers to execute arbitrary code via a crafted RECORD element. Desbordamiento de búfer basado en pila en NFREngine.exe en Novell File Reporter Engine anterior a v1.0.2.53, como se utiliza en Novell File Reporter y otros productos, permite a atacantes remotos ejecutar código arbitrario a través de un elemento RECORD manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Engine. Authentication is not required to exploit this vulnerability. The specific flaw exists within NFREngine.exe which communicates with the Agent component over HTTPS on TCP port 3035. When parsing tags inside the <RECORD> element, the application lacks a size check before pushing strings to a memcpy. • http://download.novell.com/Download?buildid=leLxi7tQACs~ http://secunia.com/advisories/45065 http://securityreason.com/securityalert/8305 http://securitytracker.com/id?1025722 http://www.securityfocus.com/archive/1/518632/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-11-227 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •