Heap-Based Buffer Overflow in Novell GroupWise Internet Agent
CVE-2011-0333

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise
Vendor: CVE Published:; 8 October 2011

What is CVE-2011-0333?

A heap-based buffer overflow vulnerability exists in the NgwiCalVTimeZoneBody::ParseSelf function within gwwww1.dll in Novell's GroupWise Internet Agent. This vulnerability allows remote attackers to exploit a crafted TZNAME variable in a VCALENDAR attachment within an email, potentially leading to arbitrary code execution. The vulnerability arises due to an integer truncation error, which can be leveraged by attackers to manipulate the memory flow of the software and execute unintended commands.

References

https://labs.idefense.com/verisign/intelligence/2009/vuln...

third-party-advisoryx_refsource_IDEFENSE

http://secunia.com/secunia_research/2011-66/

x_refsource_MISC

https://bugzilla.novell.com/show_bug.cgi?id=678715

x_refsource_CONFIRM

EPSS Score

8% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 8, 2011