Environment
Affected versions:
Novell Messenger 2.2.1 (and earlier)
Novell Messenger 2.1 (and earlier)
GroupWise Messenger 2.04 (and earlier)
Novell Messenger 2.2.1 (and earlier)
Novell Messenger 2.1 (and earlier)
GroupWise Messenger 2.04 (and earlier)
Situation
The Novell Messenger client for Windows is vulnerable to a buffer overflow vulnerability that could be exploited by a remote attacker to execute arbitrary code on vulnerable workstations.
This vulnerability was discovered and reported by Luigi Auriemma working with HP Enterprise Security's Zero Day Initiative (http://www.zerodayinitiative.com), ZDI-CAN-1339
Novell bug 777352, CVE-2013-1085
This vulnerability was discovered and reported by Luigi Auriemma working with HP Enterprise Security's Zero Day Initiative (http://www.zerodayinitiative.com), ZDI-CAN-1339
Novell bug 777352, CVE-2013-1085
Resolution
To resolve this issue, upgrade your Novell Messenger clients for Windows to version 2.2.2 (or higher).
Bug Number
777352