Skip to main content

Groupwise CVE-2012-0439

CRITICAL
Code Injection (CWE-94)
2013-02-24 cve@mitre.org
9.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
AV:N/AC:M/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Feb 24, 2013 - 04:37 cve.org
CRITICAL 9.3

DescriptionCVE.org

An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method.

AnalysisAI

An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.3%.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method. Affected products include: Novell Groupwise. Version information: before 8.0.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2012-0419 MEDIUM POC
5.0 Sep 28

Directory traversal vulnerability in the agent HTTP interfaces in Novell GroupWise 8.0 before Support Pack 3 and 2012 be

CVE-2012-0271 CRITICAL POC
10.0 Sep 19

Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 befo

CVE-2013-0804 CRITICAL POC
10.0 Feb 24

The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary

CVE-2016-5762 CRITICAL
9.8 Apr 20

Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remo

CVE-2014-0610 CRITICAL
10.0 Sep 05

The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and 2014 before SP1 on Windows allows remote attackers

CVE-2012-0417 CRITICAL
10.0 Sep 28

Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Suppor

CVE-2012-0418 CRITICAL
9.3 Sep 28

Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on

CVE-2014-0600 HIGH
7.8 Aug 29

FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or w

CVE-2018-12468 HIGH
7.2 Aug 01

A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attack

CVE-2016-9169 MEDIUM
6.1 Mar 23

A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2

CVE-2016-5761 MEDIUM
6.1 Apr 20

Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote att

CVE-2016-5760 MEDIUM
6.1 Apr 20

Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Serv

Share

CVE-2012-0439 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy