| Vulnerability Name: | CCN-73263 | ||||||
| Published: | 2012-02-16 | ||||||
| Updated: | 2012-02-16 | ||||||
| Summary: | Novell GroupWise Messenger is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the 'name' value of a 'folder' tag. By persuading a victim to open a specially-crafted .nmx file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. | ||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||
| CVSS v2 Severity: | 6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
| ||||||
| Vulnerability Consequences: | Gain Access | ||||||
| References: | Source: CCN Type: Luigi Auriemma 16 Feb 2012 Unicode stack overflow in Novell GroupWise Messenger client 2.1.0 Source: CCN Type: SA48126 Novell Messenger Client Contact File Processing Buffer Overflow Vulnerability Source: CCN Type: Novell GroupWise Web site NOVELL: Novell GroupWise Source: CCN Type: OSVDB ID: 79426 Novell Messenger Client Boundary Error Folder Tag Name Value Contact List File Handling Remote Overflow Source: CCN Type: BID-52062 Novell GroupWise Messenger Client '.nmx' File Stack-Based Buffer Overflow Vulnerability Source: XF Type: UNKNOWN groupwise-nmx-bo(73263) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||