CVE-2008-2703

2008-06-1319:41:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-2703

novell groupwise messenger

buffer overflow

remote code execution

security vulnerability

windows

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.881 High

EPSS

Percentile

98.7%

JSON

Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via “spoofed server responses” that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.

Affected configurations

NVD

Node

novellgroupwise_messengerMatch2.0

novellgroupwise_messengerMatch2.0.2

novellgroupwise_messengerMatch2.0.3

CPENameOperatorVersion
novell:groupwise_messengernovell groupwise messengereq2.0
novell:groupwise_messengernovell groupwise messengereq2.0.2
novell:groupwise_messengernovell groupwise messengereq2.0.3

CPE	Name	Operator	Version
novell:groupwise_messenger	novell groupwise messenger	eq	2.0
novell:groupwise_messenger	novell groupwise messenger	eq	2.0.2
novell:groupwise_messenger	novell groupwise messenger	eq	2.0.3