Vulnerability Description
Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Groupwise Messenger | 2.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30576Vendor Advisory
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5026700.Patch
- http://www.securityfocus.com/archive/1/493964/100/0/threaded
- http://www.securityfocus.com/bid/29602
- http://www.securitytracker.com/id?1020209
- http://www.vupen.com/english/advisories/2008/1764/referencesVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42917
- http://secunia.com/advisories/30576Vendor Advisory
- http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5026700.Patch
- http://www.securityfocus.com/archive/1/493964/100/0/threaded
- http://www.securityfocus.com/bid/29602
- http://www.securitytracker.com/id?1020209
- http://www.vupen.com/english/advisories/2008/1764/referencesVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42917
FAQ
What is CVE-2008-2703?
CVE-2008-2703 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that cont...
How severe is CVE-2008-2703?
CVE-2008-2703 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2703?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Groupwise Messenger.