// For flags

CVE-2010-4325

Novell Groupwise iCal COMMENT, RRULE, TZNAME Remote Code Execution Vulnerabilities

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message.

Desbordamiento de búfer en gwwww1.dll en GroupWise Internet Agent (GWIA) en Novell GroupWise anterior a v8.02HP2 permite a atacantes remotos ejecutar código arbitrario a través de una variable TZID manipulada en un mensaje VCALENDAR.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability.
Multiple flaws exist within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When encountering a RRULE, COMMENT, or TZNAME parameter a static sized memory buffer is allocated. Insufficient checks are performed to ensure the size of the parameter's value can be contained in this buffer. An attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.

*Credits: Anonymous
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-11-29 CVE Reserved
  • 2011-01-26 CVE Published
  • 2024-06-25 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
<= 8.0.2
Search vendor "Novell" for product "Groupwise" and version " <= 8.0.2"
hp1
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
4.1
Search vendor "Novell" for product "Groupwise" and version "4.1"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
4.1a
Search vendor "Novell" for product "Groupwise" and version "4.1a"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
5.0
Search vendor "Novell" for product "Groupwise" and version "5.0"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
5.1
Search vendor "Novell" for product "Groupwise" and version "5.1"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
5.2
Search vendor "Novell" for product "Groupwise" and version "5.2"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
5.5
Search vendor "Novell" for product "Groupwise" and version "5.5"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
5.5
Search vendor "Novell" for product "Groupwise" and version "5.5"
enhancement_pack
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
5.57e
Search vendor "Novell" for product "Groupwise" and version "5.57e"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.0
Search vendor "Novell" for product "Groupwise" and version "6.0"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.0
Search vendor "Novell" for product "Groupwise" and version "6.0"
sp1
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.0
Search vendor "Novell" for product "Groupwise" and version "6.0"
sp5
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.0.1
Search vendor "Novell" for product "Groupwise" and version "6.0.1"
sp1
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.5
Search vendor "Novell" for product "Groupwise" and version "6.5"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.5
Search vendor "Novell" for product "Groupwise" and version "6.5"
sp1
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.5
Search vendor "Novell" for product "Groupwise" and version "6.5"
sp2
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.5
Search vendor "Novell" for product "Groupwise" and version "6.5"
sp3
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.5
Search vendor "Novell" for product "Groupwise" and version "6.5"
sp4
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.5
Search vendor "Novell" for product "Groupwise" and version "6.5"
sp5
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.5
Search vendor "Novell" for product "Groupwise" and version "6.5"
sp6
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.5.2
Search vendor "Novell" for product "Groupwise" and version "6.5.2"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.5.3
Search vendor "Novell" for product "Groupwise" and version "6.5.3"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.5.4
Search vendor "Novell" for product "Groupwise" and version "6.5.4"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.5.6
Search vendor "Novell" for product "Groupwise" and version "6.5.6"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
6.5.7
Search vendor "Novell" for product "Groupwise" and version "6.5.7"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
7.0
Search vendor "Novell" for product "Groupwise" and version "7.0"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
7.0.1
Search vendor "Novell" for product "Groupwise" and version "7.0.1"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
7.0.2
Search vendor "Novell" for product "Groupwise" and version "7.0.2"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
7.0.3
Search vendor "Novell" for product "Groupwise" and version "7.0.3"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
7.0.4
Search vendor "Novell" for product "Groupwise" and version "7.0.4"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
8.0
Search vendor "Novell" for product "Groupwise" and version "8.0"
-
Affected
Novell
Search vendor "Novell"
Groupwise
Search vendor "Novell" for product "Groupwise"
8.0.1
Search vendor "Novell" for product "Groupwise" and version "8.0.1"
-
Affected