Check Point Advisories

Update Protection against Novell Teaming ajaxUploadImageFile Remote Code Execution

Check Point Reference:	CPAI-2010-155
Date Published:	24 Sep 2010
Severity:	High
Last Updated:	Friday 01 January, 2010
Source:	Secunia Advisory 40673
Industry Reference:	CVE-2010-2773
Protection Provided by:
Who is Vulnerable?	Novell Teaming 2.1
Vulnerability Description	A remote code execution vulnerability exists in Novell Teaming, a team workspace and real-time collaboration tool.The flaw is due to an input validation when parsing image uploads. A remote attacker could exploit this vulnerability by uploading a maliciously crafted file.
Update/Patch Avaliable	Vendor advisory
Vulnerability Details	The vulnerability is caused due to an error in the handling of image file uploads. This can be exploited by to upload and execute arbitrary JSP code via a file with a specially crafted filename.