CVE-2018-7687: Security Vulnerability - Client for OES Elevation of Privilege via Buffer Overflow

  • 7022983
  • 18-May-2018
  • 21-May-2018

Environment

Client for Open Enterprise Server 2 SP4

Situation

The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. 

Resolution

The fix for this security vulnerability is included in "Client for Open Enterprise Server 2 SP4 (IR8a)" and later builds.

Status

Security Alert

Additional Information

This vulnerability was discovered by Steven Seeley of Source Incite working with Trend Micro's Zero Day Initiative (ZDI-CAN-5479).