Novell GroupWise Client IMG SRC buffer overflow

Added: 01/15/2008
CVE: CVE-2007-6435
BID: 26875
OSVDB: 40870

Background

Novell GroupWise is an e-mail and collaboration product suite.

Problem

A buffer overflow vulnerability in the GroupWise client allows command execution when a user replies to or forwards a message containing an IMG tag with a specially crafted SRC attribute.

Resolution

Apply GroupWise 6.5.6 Update 2.

References

http://www.securityfocus.com/archive/1/485100

Limitations

Exploit works on Novell GroupWise Client 6.5.6 and requires a user to reply to or forward the exploit e-mail.

The HTML Preview option must be enabled in Novell GroupWise Client in order for this exploit to succeed.

Platforms

Windows 2000
Windows XP

Back to exploit index