Environment
Novell GroupWise Messenger 2.0.2
Situation
A vulnerability exists in the Novell GroupWise Messenger Client version 2.0.2 (GWIM) for Windows that could allow an attacker to execute arbitrary code on a compromised workstation. The vulnerability takes the form of a remote buffer overflow in the client, caused by spoofed server responses to valid client requests. All versions of the Windows client, prior to the patch for this issue, are vulnerable.
Resolution
Status
Security AlertAdditional Information
Thanks to Francisco Amato of Infobyte Security Research for discovering and reporting both vulnerabilities.
CVE #s are forthcoming.