Vulnerability Description
Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmta.exe in the Message Transfer Agent, (3) gwia.exe in the Internet Agent, (4) the WebAccess Agent, or (5) the Monitor Agent.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Groupwise | <= 8.0.2 |
Related Weaknesses (CWE)
References
- http://www.facebook.com/note.php?note_id=477865030928
- http://www.novell.com/support/viewContent.do?externalId=7007159&sliceId=1Vendor Advisory
- http://zerodayinitiative.com/advisories/ZDI-10-247/
- https://bugzilla.novell.com/show_bug.cgi?id=627942
- http://www.facebook.com/note.php?note_id=477865030928
- http://www.novell.com/support/viewContent.do?externalId=7007159&sliceId=1Vendor Advisory
- http://zerodayinitiative.com/advisories/ZDI-10-247/
- https://bugzilla.novell.com/show_bug.cgi?id=627942
FAQ
What is CVE-2010-4714?
CVE-2010-4714 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwmt...
How severe is CVE-2010-4714?
CVE-2010-4714 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4714?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Groupwise.