APP: Novell GroupWise Addressbook Parsing Integer Overflow
A heap buffer overflow vulnerability has been identified in Novell Groupware Client. The vulnerability is due to an integer overflow while parsing Novell Address Book files. An attacker can exploit this vulnerability by enticing a user to open a malformed Novell Address Book (.nab) file containing an overly long token. A successful attack would lead to injection and execution of arbitrary code in the security context of the target user. If the code execution attempt does not succeed, the application may terminate abnormally.
Extended Description
Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file.
References
CVE: CVE-2012-0418
Short Name
APP:NOVELL:GROUPWISE-ADDRESSBK
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Addressbook CVE-2012-0418 GroupWise Integer Novell Overflow Parsing
Release Date
09/26/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
CVSS Score
9.3