Novell GroupWise Client Address Book File Handling Email Address Field Remote Overflow

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains an email application that is
affected by a remote buffer overflow vulnerability.

Description :

The version of Novell GroupWise Client 8.x installed on the remote
Windows host is earlier than 8.0.2 post-HP3. As such, it is
reportedly affected by a buffer overflow vulnerability when parsing an
Address Book (.nab) file with an overly long email address.

By tricking a user into opening a specially crafted Address Book file,
a remote, unauthenticated attacker could potentially execute arbitrary
code on the remote host subject to the privileges of the user running
the affected application.

See also :

Solution :

Upgrade to Novell GroupWise Client 8.0.2 post-HP3 ( or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 58402 ()

Bugtraq ID: 52233

CVE ID: CVE-2011-4189

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now