Novell.GroupWise.Client.Windows.ActiveX.Code.Execution

description-logoDescription

This indicates an attack attempt to exploit a Memory Corruption vulnerability in Novell GroupWise Client for Windows.
The vulnerability, which is located in the "gwcls1.dll" ActiveX control, can be exploited through misuse of "pXPItem" property. It may allow remote attackers to execute arbitrary code in the context of the application, using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a denial of service condition.

affected-products-logoAffected Products

Novell GroupWise Client for Windows 2012 prior to SP1 Hot Patch 1
Novell GroupWise Client for Windows 8.0x prior to 8.0.3 Hot Patch 2

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary code within the context of the targeted user.

recomended-action-logoRecommended Actions

Refer to the vendor's website for patch.
http://www.novell.com/support/kb/doc.php?id=7011688

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)