vendor:
GroupWise 7.0
by:
Juan Pablo Lopez Yacubian
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: GroupWise 7.0
Affected Version From: GroupWise 7.0
Affected Version To: GroupWise 7.0
Patch Exists: NO
Related CWE: N/A
CPE: a:novell:groupwise_7.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows Xp
2008
GroupWise 7.0 Buffer Overflow Vulnerability
GroupWise 7.0 is vulnerable to a buffer overflow vulnerability when a maliciously crafted mailto scheme is used as the default mail client. This can lead to the overwriting of the EIP and execution of arbitrary code. A proof of concept is provided which creates an HTML file with an iframe containing a mailto scheme with an extensive argument, causing the buffer overflow.
Mitigation:
Ensure that GroupWise 7.0 is not used as the default mail client.