Environment
Sentinel Agent Manager
Situation
A vulnerability exists in Sentinel Agent Manager due to improper bounds checking on method input. The vulnerability could allow a malicious web site or e-mail message to cause systems hosting Sentinel Agent Manager components to crash, or to run arbitrary code within the privilege context of the browser or e-mail client.
For more details see the following URL:
http://zerodayinitiative.com/advisories/ZDI-14-134/ Resolution
Starting with Sentinel Agent Manager 7.2, Agent Manager disables the vulnerable method.
The latest Sentinel Agent Manager can be found with the latest Sentinel 7 patch at NetIQ Patch Finder.
NetIQ typically recommends that all Sentinel software components be updated to the same version, but if necessary, customers can temporarily run Sentinel Agent Manager 7.2 (including this fix) with Sentinel 7.1.x.
Cause
Sentinel Agent Manager prior to SAM 7.2 used the NQMcsVarSet ActiveX Control.
Additional Information
CVE-2014-3460 reported by Andrea Micalizzi (rgod) working with HP's Zero Day Initiative (ZDI)