Lucene search

[email protected]CVE-2012-0439

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-0439

2022-10-0316:15:41

CWE-94

[email protected]

web.nvd.nist.gov

cve-2012-0439

activex

novell groupwise

remote code execution

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.967 High

EPSS

Percentile

99.7%

JSON

An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method.

Affected configurations

NVD

Node

novellgroupwiseMatch8.0

novellgroupwiseMatch8.00hp1

novellgroupwiseMatch8.00hp2

novellgroupwiseMatch8.00hp3

novellgroupwiseMatch8.01

novellgroupwiseMatch8.01hp

novellgroupwiseMatch8.02

novellgroupwiseMatch8.02hp1

novellgroupwiseMatch8.02hp2

novellgroupwiseMatch8.02hp3

novellgroupwiseMatch8.03

novellgroupwiseMatch8.03hp1

Node

novellgroupwiseMatch2012

novellgroupwiseMatch2012sp1

CPENameOperatorVersion
novell:groupwisenovell groupwiseeq8.0
novell:groupwisenovell groupwiseeq8.00
novell:groupwisenovell groupwiseeq8.01
novell:groupwisenovell groupwiseeq8.02
novell:groupwisenovell groupwiseeq8.03

CPE	Name	Operator	Version
novell:groupwise	novell groupwise	eq	8.0
novell:groupwise	novell groupwise	eq	8.00
novell:groupwise	novell groupwise	eq	8.01
novell:groupwise	novell groupwise	eq	8.02
novell:groupwise	novell groupwise	eq	8.03