Detections
Analytics

Groove < 3.1.0 Build 2338 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 2923

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running Groove, a virtual office workspace that allows remote users to collaborate via the Internet. Groove uses centralized servers to keep remote workers synchronized with each other. This version of Groove is vulnerable to multiple remote attacks. The attacks stem from a lack of content parsing by the Groove product. An attacker exploiting these flaws would need to be able to entice a Groove user into opening or viewing malicious files or data from within the Groove application. Successful exploitation leads to the attacker being able to execute arbitrary code on the unsuspecting user.

Solution

Upgrade to version 3.1.0 build 2338 or higher.

See Also

http://www.kb.cert.org/vuls/id/155610

http://www.kb.cert.org/vuls/id/232232

http://www.kb.cert.org/vuls/id/372618

http://www.kb.cert.org/vuls/id/443370

http://www.kb.cert.org/vuls/id/514386

Plugin Details

Severity: Critical

ID: 2923

Family: Generic

Published: 5/19/2005

Updated: 3/6/2019

Nessus ID: 18355

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:groove

Reference Information

CVE: CVE-2005-1675, CVE-2005-1676, CVE-2005-1677, CVE-2005-1678

BID: 13682, 13684, 13685, 13686, 13688