Novell GroupWise Client Address Book File Handling Email Address Field Remote Overflow
High Nessus Plugin ID 58402
SynopsisThe remote Windows host contains an email application that is affected by a remote buffer overflow vulnerability.
DescriptionThe version of Novell GroupWise Client 8.x installed on the remote Windows host is earlier than 8.0.2 post-HP3. As such, it is reportedly affected by a buffer overflow vulnerability when parsing an Address Book (.nab) file with an overly long email address.
By tricking a user into opening a specially crafted Address Book file, a remote, unauthenticated attacker could potentially execute arbitrary code on the remote host subject to the privileges of the user running the affected application.
SolutionUpgrade to Novell GroupWise Client 8.0.2 post-HP3 (184.108.40.20683) or later.