Novell GroupWise Client IMG SRC buffer overflow

2008-01-15T00:00:00
ID SAINT:71DBC665CCCC25AE35E6C60FEB813174
Type saint
Reporter SAINT Corporation
Modified 2008-01-15T00:00:00

Description

Added: 01/15/2008
CVE: CVE-2007-6435
BID: 26875
OSVDB: 40870

Background

Novell GroupWise is an e-mail and collaboration product suite.

Problem

A buffer overflow vulnerability in the GroupWise client allows command execution when a user replies to or forwards a message containing an IMG tag with a specially crafted SRC attribute.

Resolution

Apply GroupWise 6.5.6 Update 2.

References

<http://www.securityfocus.com/archive/1/485100>

Limitations

Exploit works on Novell GroupWise Client 6.5.6 and requires a user to reply to or forward the exploit e-mail.

The HTML Preview option must be enabled in Novell GroupWise Client in order for this exploit to succeed.

Platforms

Windows 2000
Windows XP