Novell GroupWise Client 8.x < 8.0.3 / 2012.x < 2012 SP1 Unspecified File Handling Arbitrary Code Execution

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an email application that is affected
by an unspecified code execution vulnerability.

Description :

The version of Novell GroupWise Client installed on the remote Windows
host is 8.x earlier than 8.0.3 (8.0.3.21955) or 2012.x earlier than 2012
SP1 (12.0.1.13731). As such, it is reportedly affected by an
unspecified code execution vulnerability.

By tricking a user into opening a specially crafted file, a remote,
unauthenticated attacker could potentially execute arbitrary code on the
remote host subject to the privileges of the user running the affected
application.

See also :

http://www.novell.com/support/kb/doc.php?id=7010771

Solution :

Upgrade to Novell GroupWise Client 8.0.3 (8.0.3.21955) / 2012 SP1
(12.0.1.13731) or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 62412 ()

Bugtraq ID: 55729

CVE ID: CVE-2012-0418

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now