|CVSS SCORE||6.9, (AV:L/AC:M/Au:N/C:C/I:C/A:C)|
Client for Open Enterprise Server
The specific flaw exists within the handling of IOCTL 0x143CFB. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to escalate privilege to the level of SYSTEM.
Micro Focus has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Steven Seeley of Source Incite