Novell ZENworks Handheld Management ZfHIPCND.exe Unspecified Buffer Overflow

Critical Nessus Plugin ID 50679


The remote host is running a server that is affected by a remote heap overflow vulnerability.


A vulnerability exists in the server ZfHIPCND.exe, which handles the data received on TCP port 2400. An attacker can overflow a buffer on a heap belonging to the server and possibly execute arbitrary code with SYSTEM privileges. Authentication is not required to exploit this vulnerability.


Apply patch ZHM_635573_29102010 or later.

See Also

Plugin Details

Severity: Critical

ID: 50679

File Name: novell_zenworks_handheld_management_zfhipcnd_buffer_overflow.nasl

Version: $Revision: 1.7 $

Type: local

Agent: windows

Family: Windows

Published: 2010/11/22

Modified: 2015/01/12

Dependencies: 13855, 10456

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:TF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2010/11/02

Vulnerability Publication Date: 2010/11/02

Reference Information

CVE: CVE-2010-4299

BID: 44700

OSVDB: 69157