Novell Messenger Client Import Command Remote Code Execution
High Nessus Plugin ID 65675
SynopsisThe remote host has software installed that is affected by an arbitrary code execution vulnerability.
DescriptionThe installed version of Novell Messenger (formerly GroupWise Messenger Client) is affected by a buffer overflow vulnerability that can be triggered by providing a large filename parameter to the import command via the 'nim://' protocol. By tricking a user into opening a specially crafted page or file, it may be possible to execute arbitrary code.
SolutionUpgrade to Novell Messenger 2.2.2 or later.