GroupWise Internet Agent < 8.0.2 HP2 Email Message VCALENDAR Data TZID Variable Remote Overflow

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by a
buffer overflow vulnerability.

Description :

The version of GroupWise Internet Agent installed on the remote host
is older than 8.0.2.12377 and hence reportedly affected by an buffer
overflow vulnerability. The installed version fails to correctly
parse 'VCALENDAR' data within an email message containing a specially
crafted 'TZID' variable value.

Successful exploitation of this issue could result in arbitrary code
execution on the remote system with SYSTEM privileges.
(ZDI-11-027)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-027/
http://seclists.org/fulldisclosure/2011/Jan/488
http://www.novell.com/support/viewContent.do?externalId=7007638

Solution :

Update GWIA to version 8.0.2 Hot Patch 2 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 51815 ()

Bugtraq ID: 46025

CVE ID: CVE-2010-4325

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now