CVE-2008-2703

Novell Groupwise Messenger - Memory Corruption

Title source: rule

Description

Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16814
exploitdb WORKING POC VERIFIED
by Francisco Amato · perldosnovell
https://www.exploit-db.com/exploits/31889
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/novell/groupwisemessenger_client.rb

References (7)

Scores

EPSS 0.8022
EPSS Percentile 99.1%

Details

CWE
CWE-119
Status published
Products (3)
novell/groupwise_messenger 2.0
novell/groupwise_messenger 2.0.2
novell/groupwise_messenger 2.0.3
Published Jun 13, 2008
Tracked Since Feb 18, 2026