CVE-2011-4189

Novell GroupWise <8.02HP3 - RCE

Title source: llm

Description

The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file.

Exploits (1)

exploitdb WORKING POC

by Francis Provencher · textdoswindows

https://www.exploit-db.com/exploits/18546

View Code ZIP pw:eip

References (8)

[Vendor Advisory] http://www.novell.com/support/viewContent.do?externalId=7010205

[Exploit] http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=37&Itemid=37

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/52233

[Issue Tracking] https://bugzilla.novell.com/show_bug.cgi?id=733885

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/73588

[Third Party Advisory, VDB Entry] http://osvdb.org/79720

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1026753

[Third Party Advisory] http://secunia.com/advisories/48199

Scores

EPSS 0.3019

EPSS Percentile 96.6%

Classification

CWE

CWE-94

Status draft

Affected Products (7)

novell/groupwise

Timeline

Published Mar 02, 2012

Tracked Since Feb 18, 2026