V-082: Novell GroupWise Client Two Vulnerabilities

February 1, 2013 - 6:00am

PROBLEM:

Two vulnerabilities have been reported in Novell GroupWise Client.

PLATFORM:

Novell GroupWise 2012
Novell GroupWise Client 2012
Novell GroupWise Client 8.x
Novell GroupWise Server 8.x

ABSTRACT:

Two vulnerabilities have been reported in Novell GroupWise Client which can be exploited by malicious people to compromise a user's system.

REFERENCE LINKS:

Secunia Advisory SA52031 
CVE-2012-0439 
CVE-2013-0804 
Novell KB 7011687
Novell KB 7011688

IMPACT ASSESSMENT:

High

DISCUSSION:

The GroupWise Client for Windows is vulnerable to an ActiveX control exploit: by enticing a target user to open a malicious file or visit a malicious page, a remote attacker could execute arbitrary code on vulnerable installations of Novell GroupWise. It is also vulnerable to multiple untrusted pointer dereference vulnerabilities, which a remote attacker could exploit to compromise a vulnerable system.

IMPACT:

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

SOLUTION:

To resolve these vulnerabilities, apply GroupWise 8.0.3 Hot Patch 2 (or later) or GroupWise 2012 SP1 Hot Patch 1.
