Remote Code Execution Vulnerability in Novell GroupWise by Novell
CVE-2012-0439

Currently unrated

Key Information:

Vendor: Novell
Status: Groupwise
Vendor: CVE Published:; 24 February 2013

What is CVE-2012-0439?

A vulnerability exists in the ActiveX control (gwcls1.dll) within Novell GroupWise that allows remote attackers to execute arbitrary code. This can be achieved by manipulating pointer arguments in specific method calls, which may lead to unauthorized access and compromise system integrity. Users of Novell GroupWise 8.0 (prior to 8.0.3 HP2) and GroupWise 2012 (prior to SP1 HP1) are particularly at risk, highlighting the importance of prompt updates and security measures against potential exploits.

References

https://bugzilla.novell.com/show_bug.cgi?id=743674

x_refsource_CONFIRM

https://bugzilla.novell.com/show_bug.cgi?id=712144

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-13-008/

x_refsource_MISC

EPSS Score

68% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 24, 2013