Novell GroupWise Client ActiveX SetEngine Pointer Manipulation

2013-02-18T00:00:00
ID SAINT:50E4794F483E3EB3DD9C7FD42FA73CC1
Type saint
Reporter SAINT Corporation
Modified 2013-02-18T00:00:00

Description

Added: 02/18/2013
CVE: CVE-2012-0439
BID: 57658
OSVDB: 89700

Background

Novell GroupWise is an e-mail and collaboration product suite.

Problem

Several methods in the GroupWise ActiveX plugin do not validate user-supplied pointers that are passed as function arguments. This may allow an attacker to execute arbitrary code.

Resolution

Apply GroupWise 8.0.3 Hot Patch 2 (or later) or GroupWise 2012 SP1 Hot Patch 1.

References

<http://www.novell.com/support/kb/doc.php?id=7011688>
<http://www.zerodayinitiative.com/advisories/ZDI-13-008/>

Limitations

This exploit has been tested against Novell GroupWise Client for Windows 2012 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows