Novell Inc's ZENworks is a set of tools used to automate IT management and business processes across the various computing resources within an organization. The Collection Client provides functionality, as a service, that will supply the Collection Server with information regarding the managed machine's hardware and software configuration.
Remote exploitation of an integer overflow vulnerability in Novell Inc.'s ZENworks Asset Management could potentially allow an attacker to execute arbitrary code with SYSTEM privileges on Windows or root on the various supported UNIX based operating systems.
Vulnerable Systems:
* ZENworks Asset Management 7.0 SP1 (7.0.0.36 version of the CClient.exe and Msg.dll files).
A heap overflow may occur when processing specially crafted packets sent to the Collection Client daemon. The root cause of this vulnerability is identical to that of the vulnerability in Msg.dll. For more information please consult the Msg.dll advisory.
Successful exploitation of this vulnerability could allow a remote attacker to take complete control of the affected system.
