Remote Code Execution Vulnerability in Novell GroupWise by Novell
CVE-2012-0439

Currently unrated

Key Information:

Vendor
Novell
Status
Groupwise
Vendor
CVE Published:
24 February 2013

Summary

A vulnerability exists in the ActiveX control (gwcls1.dll) within Novell GroupWise that allows remote attackers to execute arbitrary code. This can be achieved by manipulating pointer arguments in specific method calls, which may lead to unauthorized access and compromise system integrity. Users of Novell GroupWise 8.0 (prior to 8.0.3 HP2) and GroupWise 2012 (prior to SP1 HP1) are particularly at risk, highlighting the importance of prompt updates and security measures against potential exploits.

References

https://bugzilla.novell.com/show_bug.cgi?id=743674
x_refsource_CONFIRM
https://bugzilla.novell.com/show_bug.cgi?id=712144
x_refsource_CONFIRM
http://www.zerodayinitiative.com/advisories/ZDI-13-008/
x_refsource_MISC

EPSS Score

67% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.
CVE-2012-0439 : Remote Code Execution Vulnerability in Novell GroupWise by Novell | SecurityVulnerability.io