Vulnerability Description
Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious code.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Groove | Groove Workspace | <= 2.5n_build_1871 |
| Groove | Virtual Office | <= 3.1_build_2338 |
References
- http://secunia.com/advisories/15421PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/232232Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/JGEI-6BCRD6Third Party AdvisoryUS Government Resource
- http://secunia.com/advisories/15421PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/232232Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/JGEI-6BCRD6Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2005-1678?
CVE-2005-1678 is a vulnerability with a CVSS score of 2.6 (LOW). Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound d...
How severe is CVE-2005-1678?
CVE-2005-1678 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1678?
Check the references section above for vendor advisories and patch information. Affected products include: Groove Groove Workspace, Groove Virtual Office.