Novell GroupWise Client 8.x < 8.0.3 Hot Patch 2 / 2012.x < 2012 SP1 Hot Patch 1 Multiple Vulnerabilities

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an email application that is affected
by multiple vulnerabilities.

Description :

The version of Novell GroupWise Client installed on the remote Windows
host is 8.x prior to 8.0.3 Hot Patch 2 (8.0.3.26516) or 2012.x prior to
2012 SP1 Hot Patch 1 (12.0.1.16521). It is, therefore, reportedly
affected by the following vulnerabilities :

- An unspecified error exists related to an ActiveX
control that could allow arbitrary code execution.
(CVE-2012-0439)

- Multiple pointer dereference errors exist that could
allow arbitrary code execution. (CVE-2013-0804)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-13-008/
http://www.securityfocus.com/archive/1/526169/30/0/threaded
http://www.novell.com/support/kb/doc.php?id=7011687
http://www.novell.com/support/kb/doc.php?id=7011688

Solution :

Upgrade to Novell GroupWise Client 8.0.3 Hot Patch 2 (8.0.3.26516) /
2012 SP1 Hot Patch 1 (12.0.1.16521) or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 64471 ()

Bugtraq ID: 57657
57658

CVE ID: CVE-2012-0439
CVE-2013-0804

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now