Novell GroupWise Messenger 2.0.2 Security Vulnerability Report

  • 7000676
  • 16-Jun-2008
  • 26-Apr-2012

Environment

Novell GroupWise Messenger 2.0.2

Situation

A vulnerability exists in the Novell GroupWise Messenger Client version 2.0.2 (GWIM) for Windows that could allow an attacker to execute arbitrary code on a compromised workstation. The vulnerability takes the form of a remote buffer overflow in the client, caused by spoofed server responses to valid client requests. All versions of the Windows client, prior to the patch for this issue, are vulnerable.

Resolution

Status

Security Alert

Additional Information

Thanks to Francisco Amato of Infobyte Security Research for discovering and reporting both vulnerabilities.
CVE #s are forthcoming.