Signature Detail
Short Name |
APP:NOVELL:GROUPWISE-ADDRESSBK |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Novell GroupWise Addressbook Parsing Integer Overflow |
Release Date |
2012/09/26 |
Update Number |
2188 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Novell GroupWise Addressbook Parsing Integer Overflow
A heap buffer overflow vulnerability has been identified in Novell Groupware Client. The vulnerability is due to an integer overflow while parsing Novell Address Book files. An attacker can exploit this vulnerability by enticing a user to open a malformed Novell Address Book (.nab) file containing an overly long token. A successful attack would lead to injection and execution of arbitrary code in the security context of the target user. If the code execution attempt does not succeed, the application may terminate abnormally.
Extended Description
Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file.
Affected Products
- novell groupwise 2012
- novell groupwise 8.0
- novell groupwise 8.00 (hp1)
- novell groupwise 8.00 (hp2)
- novell groupwise 8.00 (hp3)
- novell groupwise 8.01 (hp)
- novell groupwise 8.02 (hp1)
- novell groupwise 8.02 (hp2)
- novell groupwise 8.02 (hp3)
References
- CVE: CVE-2012-0418