CVE-2012-0439

Sažetak

An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method.

Reference

http://www.novell.com/support/kb/doc.php?id=7011688
http://www.zerodayinitiative.com/advisories/ZDI-13-008/
https://bugzilla.novell.com/show_bug.cgi?id=712144
https://bugzilla.novell.com/show_bug.cgi?id=743674

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

25-02-2013 - 05:00

Objavljeno

24-02-2013 - 04:37