Novell GroupWise is an e-mail and collaboration product suite.
Several methods in the GroupWise ActiveX plugin do not validate user-supplied pointers that are passed as function arguments. This may allow an attacker to execute arbitrary memory.
Apply GroupWise 8.0.3 Hot Patch 2 (or later) or GroupWise 2012 SP1 Hot Patch 1.
This exploit has been tested against Novell GroupWise Client for Windows 2012 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).