SAINT Corporation
SAINT:6B277A3041FEF0378FAAA358CAFD4337
Feb 18, 2013 - 12:00 a.m.

Novell GroupWise Client ActiveX SetEngine Pointer Manipulation

www.saintcorporation.com

EPSS: 0.967 (High)
Percentile: 99.7%

Added: 02/18/2013
CVE: CVE-2012-0439
BID: 57658
OSVDB: 89700

Background

Novell GroupWise is an e-mail and collaboration product suite.

Problem

Several methods in the GroupWise ActiveX plugin do not validate user-supplied pointers that are passed as function arguments. This may allow an attacker to execute arbitrary code.

Resolution

Apply GroupWise 8.0.3 Hot Patch 2 (or later) or GroupWise 2012 SP1 Hot Patch 1.

References

<http://www.novell.com/support/kb/doc.php?id=7011688>
<http://www.zerodayinitiative.com/advisories/ZDI-13-008/>

Limitations

This exploit has been tested against Novell GroupWise Client for Windows 2012 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows
