CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.7%
Added: 02/18/2013
CVE: CVE-2012-0439
BID: 57658
OSVDB: 89700
Novell GroupWise is an e-mail and collaboration product suite.
Several methods in the GroupWise ActiveX plugin do not validate user-supplied pointers that are passed as function arguments. This may allow an attacker to execute arbitrary memory.
Apply GroupWise 8.0.3 Hot Patch 2 (or later) or GroupWise 2012 SP1 Hot Patch 1.
<http://www.novell.com/support/kb/doc.php?id=7011688>
<http://www.zerodayinitiative.com/advisories/ZDI-13-008/>
This exploit has been tested against Novell GroupWise Client for Windows 2012 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
Windows