Stay in touch

Get our research, blog and event invitations before everybody else!

Your data will stay confidential Private and Confidential

CVE-2013-0804: Novell GroupWise Untrusted Pointer Dereference Exploitation

Wednesday, April 3, 2013 By

In November 2012 High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Novell GroupWise 2012. Details of the vulnerabilities were disclosed in April 2013. This paper demonstrates vulnerability exploitation to execute arbitrary code on the vulnerable system.


Authors: Brian Mariani, Senior Security Auditor, High-Tech Bridge
Frederic Bourla, Chief Security Specialist, High-Tech Bridge

On the 24th of November 2012 High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Novell GroupWise 2012. On the 26th November 2012, High-Tech Bridge Security Research Lab informed Novell about these vulnerabilities, which existed in two core ActiveX modules. On the 30th of January 2013, Novell published Security Bulletin and released a security patch. Finally, on the 3rd of April 2013 High-Tech Bridge Security Research Lab disclosed advisory details. This paper demonstrates vulnerability exploitation to execute arbitrary code on the vulnerable system.




User Comments
Add Comment

High-Tech Bridge on Facebook High-Tech Bridge on Twitter High-Tech Bridge on LinkedIn High-Tech Bridge RSS Feeds Send by Email
Share