Novell GroupWise Messenger HTTP response handling buffer overflow

Added: 07/07/2008
CVE: CVE-2008-2703
BID: 29602
OSVDB: 46041

Background

GroupWise Messenger is an instant messaging client for Novell GroupWise.

Problem

Novell GroupWise is affected by a buffer overflow vulnerability which could allow command execution when the client program processes specially crafted HTTP responses.

Resolution

Upgrade to GroupWise Messenger 2.0.3 Hot Patch 1.

References

http://secunia.com/advisories/30576

Limitations

Exploit works on Novell GroupWise Messenger 2.0.0 and requires a user to log into the exploit server from Novell GroupWise Messenger.

Platforms

Windows

Back to exploit index