Novell.GroupWise.Client.Windows.ActiveX.Code.Execution
Description
This indicates an attack attempt to exploit a Memory Corruption vulnerability in Novell GroupWise Client for Windows.
The vulnerability, which is located in the "gwcls1.dll" ActiveX control, can be exploited through misuse of "pXPItem" property. It may allow remote attackers to execute arbitrary code in the context of the application, using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a denial of service condition.
Affected Products
Novell GroupWise Client for Windows 2012 prior to SP1 Hot Patch 1
Novell GroupWise Client for Windows 8.0x prior to 8.0.3 Hot Patch 2
Impact
System Compromise: Remote attackers can execute arbitrary code within the context of the targeted user.
Recommended Actions
Refer to the vendor's website for patch.
http://www.novell.com/support/kb/doc.php?id=7011688
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |