CVE-2010-4299

Published: Nov 22, 2010Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400.

Affected (2)

Products: Novell: Zenworks Handheld Management

Novell

1 product

Zenworks Handheld Management

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Novell Zenworks Handheld Management	Version 7
Novell Zenworks Handheld Management	Version 7 sp1

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (10)

http://marc.info/?l=full-disclosure&m=128916914213292&w=2

Source: cve@mitre.org

PatchThird Party Advisory

http://secunia.com/advisories/42130

Source: cve@mitre.org

Permissions Required

http://www.novell.com/support/viewContent.do?externalId=7007135

Source: cve@mitre.org

Vendor Advisory

http://www.securitytracker.com/id?1024691

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.zerodayinitiative.com/advisories/ZDI-10-230/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://marc.info/?l=full-disclosure&m=128916914213292&w=2