Stay in touch

Enter your email and get the latest news and researches on cybersecurity, receive invitations to private security events and conferences.

CVE-2013-0804: Novell GroupWise Untrusted Pointer Dereference Exploitation

Wednesday, April 3, 2013 By

In November 2012 High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Novell GroupWise 2012. Details of the vulnerabilities were disclosed in April 2013. This paper demonstrates vulnerability exploitation to execute arbitrary code on the vulnerable system.


Authors: Brian Mariani, Senior Security Auditor, High-Tech Bridge
Frederic Bourla, Chief Security Specialist, High-Tech Bridge

On the 24th of November 2012 High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Novell GroupWise 2012. On the 26th November 2012, High-Tech Bridge Security Research Lab informed Novell about these vulnerabilities, which existed in two core ActiveX modules. On the 30th of January 2013, Novell published Security Bulletin and released a security patch. Finally, on the 3rd of April 2013 High-Tech Bridge Security Research Lab disclosed advisory details. This paper demonstrates vulnerability exploitation to execute arbitrary code on the vulnerable system.



User Comments and Opinions
Add Comment