CVE-2013-1092 : Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might al

Multiple unquoted Windows search path vulnerabilities in Novell ZENworks Desktop Management (ZDM) 7 through 7.1 might allow local users to gain privileges via a Trojan horse "program" file in the C: folder, related to an attempted launch of (1) ZenRem32.exe or (2) wm.exe.

Published 2013-05-05 11:07:00

Updated 2013-05-06 04:00:00

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-1092

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 17 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-1092

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2013-1092

http://www.novell.com/support/kb/doc.php?id=7012147

Local privilege escalation vulnerability in ZENworks 7
Vendor Advisory
http://download.novell.com/Download?buildid=hT-LlTRPOfw~

Downloads - ZDM7 fix for Local privilege escalation vulnerability in ZENworks 7

Products affected by CVE-2013-1092

Novell » Zenworks Desktop Management » Version: 7.1
cpe:2.3:a:novell:zenworks_desktop_management:7.1:*:*:*:*:*:*:*
Matching versions
Novell » Zenworks Desktop Management » Version: 7
cpe:2.3:a:novell:zenworks_desktop_management:7:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-1092

Exploit prediction scoring system (EPSS) score for CVE-2013-1092

CVSS scores for CVE-2013-1092

References for CVE-2013-1092

Products affected by CVE-2013-1092