CVE-2010-2777

Novell GroupWise <7.0-8.0 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2777. PoCs published by Francis Provencher.

AI-analyzed exploit summary This exploit targets a stack overflow vulnerability in Novell Groupwise Internet Agent's IMAP CREATE verb. It sends an overly long mailbox name to trigger a buffer overflow, potentially leading to remote code execution.

Description

Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute arbitrary code via a long mailbox name in a CREATE command.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Francis Provencher · textdosmultiple
https://www.exploit-db.com/exploits/14379

This exploit targets a stack overflow vulnerability in Novell Groupwise Internet Agent's IMAP CREATE verb. It sends an overly long mailbox name to trigger a buffer overflow, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Novell Groupwise Internet Agent (versions 7.0, 7.01, 7.02, 7.03x, 7.04, 8.0, 8.01x)
Auth required
Prerequisites: Network access to the target IMAP service (port 143) · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=597331
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-10-129/

Scores

EPSS 0.1039
EPSS Percentile 95.1%

Details

CWE
CWE-119
Status published
Products (2)
novell/groupwise 7.0 sp1 (4 CPE variants)
novell/groupwise 8.0 (2 CPE variants)
Published Jan 28, 2011
Tracked Since Feb 18, 2026