Vulnerability Description
An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Groupwise | 8.0 |
Related Weaknesses (CWE)
References
- http://www.novell.com/support/kb/doc.php?id=7011688Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-13-008/
- https://bugzilla.novell.com/show_bug.cgi?id=712144
- https://bugzilla.novell.com/show_bug.cgi?id=743674
- http://www.novell.com/support/kb/doc.php?id=7011688Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-13-008/
- https://bugzilla.novell.com/show_bug.cgi?id=712144
- https://bugzilla.novell.com/show_bug.cgi?id=743674
FAQ
What is CVE-2012-0439?
CVE-2012-0439 is a vulnerability with a CVSS score of 9.3 (HIGH). An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetE...
How severe is CVE-2012-0439?
CVE-2012-0439 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0439?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Groupwise.