CVE-2012-0439

An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
novellgroupwise
8.0
novellgroupwise
8.00:hp1
novellgroupwise
8.00:hp2
novellgroupwise
8.00:hp3
novellgroupwise
8.01
novellgroupwise
8.01:hp
novellgroupwise
8.02
novellgroupwise
8.02:hp1
novellgroupwise
8.02:hp2
novellgroupwise
8.02:hp3
novellgroupwise
8.03
novellgroupwise
8.03:hp1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.novell.com/support/kb/doc.php?id=7011688
http://www.zerodayinitiative.com/advisories/ZDI-13-008/
https://bugzilla.novell.com/show_bug.cgi?id=712144
https://bugzilla.novell.com/show_bug.cgi?id=743674
http://www.novell.com/support/kb/doc.php?id=7011688
http://www.zerodayinitiative.com/advisories/ZDI-13-008/
https://bugzilla.novell.com/show_bug.cgi?id=712144
https://bugzilla.novell.com/show_bug.cgi?id=743674