CVE-2010-4325
Novell Groupwise iCal COMMENT, RRULE, TZNAME Remote Code Execution Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR message.
Desbordamiento de búfer en gwwww1.dll en GroupWise Internet Agent (GWIA) en Novell GroupWise anterior a v8.02HP2 permite a atacantes remotos ejecutar código arbitrario a través de una variable TZID manipulada en un mensaje VCALENDAR.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. Authentication is not required to exploit this vulnerability.
Multiple flaws exist within the gwwww1.dll module responsible for parsing VCALENDAR data within e-mail messages. When encountering a RRULE, COMMENT, or TZNAME parameter a static sized memory buffer is allocated. Insufficient checks are performed to ensure the size of the parameter's value can be contained in this buffer. An attacker can overflow the buffer and execute arbitrary code under the context of the SYSTEM user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-11-29 CVE Reserved
- 2011-01-26 CVE Published
- 2024-06-25 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (12)
URL | Tag | Source |
---|---|---|
http://osvdb.org/70676 | Vdb Entry | |
http://secunia.com/advisories/43089 | Third Party Advisory | |
http://www.novell.com/support/viewContent.do?externalId=7009212 | X_refsource_confirm | |
http://www.securityfocus.com/archive/1/516002/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/46025 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-11-027 | X_refsource_misc | |
https://bugzilla.novell.com/show_bug.cgi?id=657818 | X_refsource_confirm | |
https://bugzilla.novell.com/show_bug.cgi?id=685304 | X_refsource_confirm | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/64928 | Vdb Entry | |
https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=944 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.novell.com/support/viewContent.do?externalId=7007638&sliceId=1 | 2018-10-10 | |
http://www.vupen.com/english/advisories/2011/0220 | 2018-10-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | <= 8.0.2 Search vendor "Novell" for product "Groupwise" and version " <= 8.0.2" | hp1 |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 4.1 Search vendor "Novell" for product "Groupwise" and version "4.1" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 4.1a Search vendor "Novell" for product "Groupwise" and version "4.1a" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.0 Search vendor "Novell" for product "Groupwise" and version "5.0" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.1 Search vendor "Novell" for product "Groupwise" and version "5.1" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.2 Search vendor "Novell" for product "Groupwise" and version "5.2" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.5 Search vendor "Novell" for product "Groupwise" and version "5.5" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.5 Search vendor "Novell" for product "Groupwise" and version "5.5" | enhancement_pack |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 5.57e Search vendor "Novell" for product "Groupwise" and version "5.57e" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.0 Search vendor "Novell" for product "Groupwise" and version "6.0" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.0 Search vendor "Novell" for product "Groupwise" and version "6.0" | sp1 |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.0 Search vendor "Novell" for product "Groupwise" and version "6.0" | sp5 |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.0.1 Search vendor "Novell" for product "Groupwise" and version "6.0.1" | sp1 |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp1 |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp2 |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp3 |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp4 |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp5 |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5 Search vendor "Novell" for product "Groupwise" and version "6.5" | sp6 |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.2 Search vendor "Novell" for product "Groupwise" and version "6.5.2" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.3 Search vendor "Novell" for product "Groupwise" and version "6.5.3" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.4 Search vendor "Novell" for product "Groupwise" and version "6.5.4" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.6 Search vendor "Novell" for product "Groupwise" and version "6.5.6" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 6.5.7 Search vendor "Novell" for product "Groupwise" and version "6.5.7" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0 Search vendor "Novell" for product "Groupwise" and version "7.0" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0.1 Search vendor "Novell" for product "Groupwise" and version "7.0.1" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0.2 Search vendor "Novell" for product "Groupwise" and version "7.0.2" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0.3 Search vendor "Novell" for product "Groupwise" and version "7.0.3" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 7.0.4 Search vendor "Novell" for product "Groupwise" and version "7.0.4" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 8.0 Search vendor "Novell" for product "Groupwise" and version "8.0" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Groupwise Search vendor "Novell" for product "Groupwise" | 8.0.1 Search vendor "Novell" for product "Groupwise" and version "8.0.1" | - |
Affected
|