Client for Open Enterprise Server 2 SP4
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.
The fix for this security vulnerability is included in "Client for Open Enterprise Server 2 SP4 (IR8a)" and later builds.
This vulnerability was discovered by Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative. ZDI-CAN-5479