CVE-2010-4325
Novell Groupwise iCal COMMENT, RRULE, TZNAME Remote Code Execution Vulnerabilities
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message.
Desbordamiento de búfer en gwwww1.dll en GroupWise Internet Agent (GWIA) en Novell GroupWise anterior a v8.02HP2 permite a atacantes remotos ejecutar código arbitrario a través de una variable TZID manipulada en un mensaje VCALENDAR.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability.
Multiple flaws exist within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When encountering a RRULE, COMMENT, or TZNAME parameter a static sized memory buffer is allocated. Insufficient checks are performed to ensure the size of the parameter's value can be contained in this buffer. An attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.
*Credits:
Anonymous
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-11-29 CVE Reserved
- 2011-01-26 CVE Published
- 2024-06-25 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/70676 | Vdb Entry | |
| http://secunia.com/advisories/43089 | Third Party Advisory | |
| http://www.novell.com/support/viewContent.do?externalId=7009212 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/516002/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/46025 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-11-027 | X_refsource_misc |
|
| https://bugzilla.novell.com/show_bug.cgi?id=657818 | X_refsource_confirm | |
| https://bugzilla.novell.com/show_bug.cgi?id=685304 | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64928 | Vdb Entry | |
| https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=944 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.novell.com/support/viewContent.do?externalId=7007638&sliceId=1 | 2018-10-10 | |
| http://www.vupen.com/english/advisories/2011/0220 | 2018-10-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | <= 8.0.2 Search vendor "Novell" for product "Groupwise" and version " <= 8.0.2" | hp1 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 4.1 Search vendor "Novell" for product "Groupwise" and version "4.1" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 4.1a Search vendor "Novell" for product "Groupwise" and version "4.1a" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.0 Search vendor "Novell" for product "Groupwise" and version "5.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.1 Search vendor "Novell" for product "Groupwise" and version "5.1" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.2 Search vendor "Novell" for product "Groupwise" and version "5.2" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.5 Search vendor "Novell" for product "Groupwise" and version "5.5" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.5 Search vendor "Novell" for product "Groupwise" and version "5.5" | enhancement_pack |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.57e Search vendor "Novell" for product "Groupwise" and version "5.57e" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.0 Search vendor "Novell" for product "Groupwise" and version "6.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.0 Search vendor "Novell" for product "Groupwise" and version "6.0" | sp1 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.0 Search vendor "Novell" for product "Groupwise" and version "6.0" | sp5 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.0.1 Search vendor "Novell" for product "Groupwise" and version "6.0.1" | sp1 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp1 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp2 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp3 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp4 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp5 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp6 |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.2 Search vendor "Novell" for product "Groupwise" and version "6.5.2" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.3 Search vendor "Novell" for product "Groupwise" and version "6.5.3" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.4 Search vendor "Novell" for product "Groupwise" and version "6.5.4" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.6 Search vendor "Novell" for product "Groupwise" and version "6.5.6" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.7 Search vendor "Novell" for product "Groupwise" and version "6.5.7" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0 Search vendor "Novell" for product "Groupwise" and version "7.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0.1 Search vendor "Novell" for product "Groupwise" and version "7.0.1" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0.2 Search vendor "Novell" for product "Groupwise" and version "7.0.2" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0.3 Search vendor "Novell" for product "Groupwise" and version "7.0.3" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0.4 Search vendor "Novell" for product "Groupwise" and version "7.0.4" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 8.0 Search vendor "Novell" for product "Groupwise" and version "8.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 8.0.1 Search vendor "Novell" for product "Groupwise" and version "8.0.1" | - |
Affected
| ||||||