CVE-2006-0992

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise Messenger
Vendor: CVE Published:; 14 April 2006

Summary

Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier.

References

http://metasploit.blogspot.com/2006/04/exploit-developmen...

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-06-008.html

x_refsource_MISC

http://www.osvdb.org/24617

vdb-entryx_refsource_OSVDB

EPSS Score

86% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 14, 2006
Vulnerability Reserved
Mar 3, 2006

Collectors

NVD DatabaseMitre Database