Zero Day Initiative Advisory 10-230 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Handheld Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within module ZfHIPCND.exe. This process is responsible for handling the data received on TCP port 2400. The module reads in the data stream and copies the specified amount of bytes into a fixed-length buffer located in the heap. An attacker can overflow this buffer and execute arbitrary code with SYSTEM privileges.
b92fe75ecd9cb7f79d3088173131ddd1565e2a74ab4c37e792913b397aac69b0