Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2663

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-2663
Last Modified 14 May 2012 12:00:00
Published 07 Oct 2011 10:52:52
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2663

Summary

Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted yearly RRULE variable in a VCALENDAR attachment in an e-mail message.

Vulnerable Systems

Application

  • Novell Groupwise 8.0


References

IDEFENSE - 20110926 Novell GroupWise iCal RRULE Time Conversion Invalid Array Indexing Vulnerability

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=705917

BUGTRAQ - 20110928 iDefense Security Advisory 09.26.11: Novell GroupWise iCal Date Invalid Array Indexing Vulnerability

CONFIRM - http://www.novell.com/support/viewContent.do?externalId=7009216


Last Updated: 27 May 2016 10:57:04