Security Vulnerability Heap Buffer Overflow with ZENworks 7 Handheld Management

  • 7007663
  • 25-Jan-2011
  • 16-Mar-2012


Novell ZENworks 7 Handheld Management - ZHM7


A Security Vulnerability exists in ZHM7 code which allows remote attackers to execute arbitrary code which can be made to overflow a heap buffer.  This can be abused by an attacker to execute remote code under the context of the application.


To obtain a hot patch with the fix for this problem, follow the instructions in KB 3829982 "Updates to Novell ZENworks 7 Handheld Management" which can be found at


Security Alert

Additional Information

- Credits: Junaid Bohio, Vulnerability Research Team, TELUS Security Labs (
Also reported by: TippingPoint as ZDI-CAN-1071: discovered by:  * AbdulAziz Hariri