Signature Detail

Short Name	HTTP:STC:ACTIVEX:NOVELL-GRPWISE
Severity	Medium
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Novell GroupWise Client Unsafe ActiveX control
Release Date	2013/04/25
Update Number	2258
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Novell GroupWise Client Unsafe ActiveX control

This signature detects attempts to use unsafe ActiveX controls in the Novell GroupWise Client. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.

Affected Products

novell groupwise 2012 (sp1)
novell groupwise 8.0
novell groupwise 8.00 (hp1)
novell groupwise 8.00 (hp2)
novell groupwise 8.00 (hp3)
novell groupwise 8.01 (hp)
novell groupwise 8.02 (hp1)
novell groupwise 8.02 (hp2)
novell groupwise 8.02 (hp3)
novell groupwise 8.03 (hp1)

References

BugTraq: 57657
CVE: CVE-2013-0804

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Novell GroupWise Client Unsafe ActiveX control

Extended Description

Affected Products

References