CVE ID | CVE-2018-7687 |
CVSS SCORE | 6.9, AV:L/AC:M/Au:N/C:C/I:C/A:C |
AFFECTED VENDORS |
Micro Focus |
AFFECTED PRODUCTS |
Client for Open Enterprise Server |
VULNERABILITY DETAILS |
The specific flaw exists within the handling of IOCTL 0x143CFB. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to escalate privilege to the level of SYSTEM. |
ADDITIONAL DETAILS |
Micro Focus has issued an update to correct this vulnerability. More details can be found at:
https://www.novell.com/support/kb/doc.php?id=7022983 |
DISCLOSURE TIMELINE |
|
CREDIT | Steven Seeley of Source Incite |