Published: 13/06/2008 Updated: 11/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client prior to 2.0.3 HP1 for Windows allow remote malicious users to execute arbitrary code via "spoofed server responses" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
novell groupwise messenger 2.0
novell groupwise messenger 2.0.2
novell groupwise messenger 2.0.3

source: wwwsecurityfocuscom/bid/29602/info Novell GroupWise Messenger is prone to two buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer Attackers can exploit these issues to execute arbitrary code within the context of the affected applicati ...

## # $Id: groupwisemessenger_clientrb 9583 2010-06-22 19:11:05Z todb $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## class Metasploit3 ...

CWE-119 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5026700.html http://www.securityfocus.com/bid/29602 http://secunia.com/advisories/30576 http://www.securitytracker.com/id?1020209 http://www.vupen.com/english/advisories/2008/1764/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42917 http://www.securityfocus.com/archive/1/493964/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/31889/

CVE-2008-2703

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect