Novell GroupWise Multiple Remote Code Execution Vulnerabilities
|Vulnerable Versions:||220.127.116.1186 and probably prior|
|Tested Version:||18.104.22.16886 on Windows 7 SP1 and Internet Explorer 9.0|
|Advisory Publication:||November 26, 2012 [without technical details]|
|Vendor Notification:||November 26, 2012|
|Vendor Fix:||January 30, 2013|
|Public Disclosure:||April 3, 2013|
|Latest Update:||January 31, 2013|
|Vulnerability Type:||Untrusted Pointer Dereference [CWE-822]|
|CVSSv2 Base Score:||9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)|
|Solution Status:||Fixed by Vendor|
|Discovered and Provided:||High-Tech Bridge Security Research Lab|
High-Tech Bridge Security Research Lab discovered multiple untrusted pointer dereference vulnerabilities in Novell GroupWise, which could be exploited to compromise a remote system.
|Apply GroupWise 8.0.3 Hot Patch 2 (or later) or GroupWise 2012 SP1 Hot Patch 1|
| High-Tech Bridge Advisory HTB23131 - https://www.htbridge.com/advisory/HTB23131 - Novell GroupWise Multiple Remote Code Execution Vulnerabilities.|
 Novell Inc. - http://www.novell.com - Novell GroupWise is a collaboration software for large enterprises.
 Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
 Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
 Novell GroupWise Untrusted Pointer Dereference Exploitation - https://www.htbridge.com/publications/novell_groupwise_untrusted_pointer_dereference_exploitation.html
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.