CVE-2013-0804: Novell GroupWise Untrusted Pointer Dereference ExploitationApril 3, 2013
|Authors:||Brian Mariani, Senior Security Auditor, High-Tech Bridge|
Frederic Bourla, Chief Security Specialist, High-Tech Bridge
On the 24th of November 2012 High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Novell GroupWise 2012. On the 26th November 2012, High-Tech Bridge Security Research Lab informed Novell about these vulnerabilities, which existed in two core ActiveX modules. On the 30th of January 2013, Novell published Security Bulletin and released a security patch. Finally, on the 3rd of April 2013 High-Tech Bridge Security Research Lab disclosed advisory details. This paper demonstrates vulnerability exploitation to execute arbitrary code on the vulnerable system.
Video: Novell GroupWise Untrusted Pointer Dereference Exploitation
Exploit files (Novell-GroupWise-exploit.rar) password: htbridge (5 kB)