Security Vulnerability - Novell Client ActiveX Control "nwsetup.dll" Unspecified Remote Denial of Service

Document ID:7006672
Creation Date:19-Aug-2010
Modified Date:27-Apr-2012
- Micro Focus Products:
  Client for Open Enterprise Server (Novell Client)

Environment

Novell Client 2 SP1 for Windows 7, Vista, 2008, 2008 R2

Novell Client for Windows 2000/XP/2003 4.91 Support Pack 5

Situation

The Novell Client ActiveX control is prone to a remote denial-of-service vulnerability because of an unspecified error.

A successful attack allows a remote attacker to crash an application that is using the ActiveX control (typically Internet Explorer), denying further service to legitimate users.

Resolution

Fix available:

For Novell Client 2 for Windows 7, Vista, 2008, and 2008 R2:

Novell Client 2 SP1 for Windows (and later)

For Novell Client 4.91 SP5 for Windows XP/2003:

Novell Client 4.91 Post-SP5 NWFILTER - 491psp5_nwfilter_1.zip (and later)

Status

Security Alert

Additional Information

Bugtraq ID: 36139, found by Francis Provencher . "Novell Client ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service Vulnerability."