CVE-2010-4711

Novell GroupWise < 8.0.2 - Remote Code Execution via IMAP LIST Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4711. PoCs published by Francis Provencher.

AI-analyzed exploit summary This exploit targets a double-free vulnerability in Novell Groupwise Internet Agent's IMAP server via a malformed LIST command with an oversized parameter, leading to remote code execution. The PoC sends a large buffer to trigger the vulnerability without requiring authentication.

Description

Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in a LIST command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Francis Provencher · textdoslinux

https://www.exploit-db.com/exploits/15463

View Code ZIP pw:eip

This exploit targets a double-free vulnerability in Novell Groupwise Internet Agent's IMAP server via a malformed LIST command with an oversized parameter, leading to remote code execution. The PoC sends a large buffer to trigger the vulnerability without requiring authentication.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Novell Groupwise Internet Agent (IMAP server component)

No auth needed

Prerequisites: Network access to TCP port 143 (IMAP)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory x_refsource_misc

http://zerodayinitiative.com/advisories/ZDI-10-242/

Vendor Advisory x_refsource_confirm

http://www.novell.com/support/viewContent.do?externalId=7007151&sliceId=1

Various Sources x_refsource_confirm

http://www.facebook.com/note.php?note_id=477865030928

Issue Tracking x_refsource_confirm

https://bugzilla.novell.com/show_bug.cgi?id=647519

Scores

EPSS 0.1359

EPSS Percentile 96.0%

Details

CWE

CWE-399

Status published

Products (23)

novell/groupwise 4.1

novell/groupwise 4.1a

novell/groupwise 5.0

novell/groupwise 5.1

novell/groupwise 5.2

novell/groupwise 5.5 (2 CPE variants)

novell/groupwise 5.57e

novell/groupwise 6.0 (3 CPE variants)

novell/groupwise 6.0.1 sp1

novell/groupwise 6.5 (7 CPE variants)

... and 13 more

Published Jan 31, 2011

Tracked Since Feb 18, 2026