Remote Code Execution Vulnerability in Novell GroupWise Client
CVE-2011-4189

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise
Vendor: CVE Published:; 2 March 2012

Summary

The Novell GroupWise client versions 8.0 through 8.02HP3 contain a vulnerability that enables remote attackers to execute arbitrary code or instigate a denial of service. This flaw is triggered by the input of excessively long email addresses into Address Book files (.NAB), leading to heap memory corruption. The malicious manipulation can cause application crashes, posing significant risks to users' systems and data integrity.

References

http://osvdb.org/79720

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/73588

vdb-entryx_refsource_XF

https://bugzilla.novell.com/show_bug.cgi?id=733885

x_refsource_CONFIRM

EPSS Score

44% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 2, 2012
Vulnerability Reserved
Oct 25, 2011