Detections
Analytics

Novell GroupWise Client 8.x < 8.0.3 / 2012.x < 2012 SP1 Unspecified File Handling Arbitrary Code Execution

high Nessus Plugin ID 62412

Language:

Synopsis

The remote Windows host contains an email application that is affected by an unspecified code execution vulnerability.

Description

The version of Novell GroupWise Client installed on the remote Windows host is 8.x earlier than 8.0.3 (8.0.3.21955) or 2012.x earlier than 2012 SP1 (12.0.1.13731). As such, it is reportedly affected by an unspecified code execution vulnerability.

By tricking a user into opening a specially crafted file, a remote, unauthenticated attacker could potentially execute arbitrary code on the remote host subject to the privileges of the user running the affected application.

Solution

Upgrade to Novell GroupWise Client 8.0.3 (8.0.3.21955) / 2012 SP1 (12.0.1.13731) or later.

See Also

https://support.microfocus.com/kb/doc.php?id=7010771

Plugin Details

Severity: High

ID: 62412

File Name: groupwise_client_803.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 10/3/2012

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:novell:groupwise

Required KB Items: SMB/Novell GroupWise Client/Path, SMB/Novell GroupWise Client/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 9/11/2012

Vulnerability Publication Date: 9/11/2012

Reference Information

CVE: CVE-2012-0418

BID: 55729