9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.37 Low
EPSS
Percentile
97.2%
Added: 01/15/2008
CVE: CVE-2007-6435
BID: 26875
OSVDB: 40870
Novell GroupWise is an e-mail and collaboration product suite.
A buffer overflow vulnerability in the GroupWise client allows command execution when a user replies to or forwards a message containing an IMG tag with a specially crafted SRC attribute.
Apply GroupWise 6.5.6 Update 2.
<http://www.securityfocus.com/archive/1/485100>
Exploit works on Novell GroupWise Client 6.5.6 and requires a user to reply to or forward the exploit e-mail.
The HTML Preview option must be enabled in Novell GroupWise Client in order for this exploit to succeed.
Windows 2000
Windows XP