Novell Groupwise Client DOCX Loader Relationship Id Remote Code Execution Vulnerability

ID ZDI-11-286
Type zdi
Reporter Anonymous
Modified 2011-06-22T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Client. User interaction is required to exploit this vulnerability in that the target must open a malicious e-mail message. The specific flaw exists within the component responsible for parsing DOCX attachment files. When handling the "Relationship Id" field within such a file, the process copies the contents into a static buffer on the stack. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution under the context of the user running the mail client.