HTTP: Novell GroupWise Client Unsafe ActiveX control

This signature detects attempts to use unsafe ActiveX controls in the Novell GroupWise Client. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Extended Description

The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.

Affected Products

Novell groupwise

References

BugTraq: 57657

CVE: CVE-2013-0804

Short Name
HTTP:STC:ACTIVEX:NOVELL-GRPWISE
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2013-0804 Client GroupWise Novell Unsafe bid:57657 control
Release Date
04/25/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Novell

CVSS Score

10.0

Found a potential security threat?