This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Client. User interaction is required to exploit this vulnerability in that the target must open a malicious e-mail message.
The specific flaw exists within the component responsible for parsing DOCX attachment files. When handling the "Relationship Id" field within such a file, the process copies the contents into a static buffer on the stack. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution under the context of the user running the mail client.