PROBLEM:
Two vulnerabilities have been reported in Novell GroupWise Client
PLATFORM:
Novell GroupWise 2012
Novell GroupWise Client 2012
Novell GroupWise Client 8.x
Novell GroupWise Server 8.x
ABSTRACT:
Two vulnerabilities have been reported in Novell GroupWise Client which can be exploited by malicious people to compromise a user's system.
REFERENCE LINKS:
Secunia Advisory SA52031
CVE-2012-0439
CVE-2013-0804
Novell KB 7011687
Novell KB 7011688
IMPACT ASSESSMENT:
High
DISCUSSION:
The GroupWise Client for Windows is vulnerable to an ActiveX control exploit: by enticing a target user to open a malicious file or visit a malicious page, a remote attacker could execute arbitrary code on vulnerable installations of Novell GroupWise. The client is also affected by multiple untrusted pointer dereference vulnerabilities, which a remote attacker could exploit to compromise a vulnerable system.
IMPACT:
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
SOLUTION:
To resolve these vulnerabilities, apply GroupWise 8.0.3 Hot Patch 2 (or later) or GroupWise 2012 SP1 Hot Patch 1.