CVE-2013-0804

Novell GroupWise <8.0.3-2012 - RCE/DoS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-0804. PoCs published by High-Tech Bridge.

AI-analyzed exploit summary This is a functional exploit for CVE-2013-0804 targeting Novell GroupWise Client. It leverages a use-after-free vulnerability in the InvokeContact method to achieve remote code execution via heap spraying and memory manipulation.

Description

The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED
by High-Tech Bridge · htmlremotemultiple
https://www.exploit-db.com/exploits/38250

This is a functional exploit for CVE-2013-0804 targeting Novell GroupWise Client. It leverages a use-after-free vulnerability in the InvokeContact method to achieve remote code execution via heap spraying and memory manipulation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Novell GroupWise Client versions prior to 8.0.3 Hot Patch 2 and GroupWise 2012 SP1 Hot Patch 1
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · Target system must have vulnerable Novell GroupWise Client installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.novell.com/support/kb/doc.php?id=7011687
Vendor Advisory x_refsource_misc
https://www.htbridge.com/advisory/HTB23131
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=792535

Scores

EPSS 0.1230
EPSS Percentile 95.7%

Details

CWE
CWE-78
Status published
Products (6)
novell/groupwise 8.0
novell/groupwise 8.00 hp1 (3 CPE variants)
novell/groupwise 8.01 (2 CPE variants)
novell/groupwise 8.02 (4 CPE variants)
novell/groupwise 8.03 (2 CPE variants)
novell/groupwise 2012 (2 CPE variants)
Published Feb 24, 2013
Tracked Since Feb 18, 2026