Friday, April 5, 2013

HTB23131: Novell GroupWise Multiple Remote Code Execution Vulnerabilities

High-Tech Bridge Security Research Lab discovered multiple untrusted pointer dereference vulnerabilities in Novell GroupWise, which could be exploited to compromise a remote system.

Short description: the untrusted pointer dereference vulnerabilities (CWE-822) in Novell GroupWise 2012 (CVE-2013-0804) exist due to untrusted pointer dereference errors in the following ActiveX methods:

  • InvokeContact() method within the ActiveX control (gwabdlg.dll, GUID {54AD9EC4-BB4A-4D66-AE1E-D6780930B9EF}), located by default in "C:\Program Files\Novell\GroupWise\gwabdlg.dll".

    A remote attacker can pass an arbitrary value to the pInvokeParams argument of the InvokeContact() method and trigger the ACCESS_VIOLATION exception on a MOV EAX, DWORD PTR [EAX+4] instruction.

  • GenerateSummaryPage() method within the ActiveX control (gwabdlg.dll, GUID {54AD9EC4-BB4A-4D66-AE1E-D6780930B9EF}), located by default in "C:\Program Files\Novell\GroupWise\gwabdlg.dll".

    A remote attacker can pass an arbitrary value to the pInvokeParams argument of the GenerateSummaryPage() method and trigger the ACCESS_VIOLATION exception on a MOV EAX, DWORD PTR [EAX+4] instruction.

  • SecManageRecipientCertificates() method within the ActiveX control (gwmim1.ocx, GUID {BFEC5A01-1EB1-11D1-BC96-00805FC1C85A}), located by default in "C:\Program Files\Novell\GroupWise\gwmim1.ocx".

    A remote attacker can pass an arbitrary value to the lProp argument of the SecManageRecipientCertificates() method and trigger the ACCESS_VIOLATION exception on a MOV EDX,DWORD PTR DS:[ECX] instruction.

For all of these security issues, the researchers presented Proof-of-Concept (PoC) code, which will crash Internet Explorer 7/8/9.

Apply GroupWise 8.0.3 Hot Patch 2 (or later) or GroupWise 2012 SP1 Hot Patch 1 to fix this vulnerability. For more on this security issue, see the Novell Knowledgebase article: GroupWise Client for Windows Remote Untrusted Pointer Dereference Vulnerability.
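The bug class behind the three methods listed above (CWE-822), shown as an added illustration that is not GroupWise code and not Novell's fix: a caller-supplied integer is used as an address, beside a handle-table design that never dereferences caller input. The structure layout and every name except the pInvokeParams argument are hypothetical; the field at offset 4 is chosen to mirror the faulting read quoted in the advisory.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical parameter block. On a 32-bit build, reading 'flags'
   compiles to a load from [pointer+4], like the faulting instruction
   MOV EAX, DWORD PTR [EAX+4] quoted in the advisory. */
struct invoke_params {
    uint32_t size;
    uint32_t flags;   /* offset 4 */
};

/* Vulnerable pattern (CWE-822): the script-supplied number is trusted
   as an address, so the caller decides which memory gets read. */
uint32_t invoke_unsafe(uintptr_t pInvokeParams)
{
    const struct invoke_params *p = (const struct invoke_params *)pInvokeParams;
    return p->flags;
}

/* Hardened pattern: callers hold an opaque handle, never an address.
   The control owns the table and validates each handle before use. */
#define MAX_PARAMS 8
static struct invoke_params g_table[MAX_PARAMS];
static uint8_t g_in_use[MAX_PARAMS];

/* Returns a handle >= 1, or 0 when the table is full. */
uint32_t params_create(uint32_t flags)
{
    for (uint32_t i = 0; i < MAX_PARAMS; i++) {
        if (!g_in_use[i]) {
            g_in_use[i] = 1;
            g_table[i].size = (uint32_t)sizeof g_table[i];
            g_table[i].flags = flags;
            return i + 1;
        }
    }
    return 0;
}

/* Returns 0 and writes *out on success, -1 for any unknown handle. */
int invoke_safe(uint32_t handle, uint32_t *out)
{
    if (out == NULL || handle == 0 || handle > MAX_PARAMS || !g_in_use[handle - 1])
        return -1;
    *out = g_table[handle - 1].flags;
    return 0;
}
```

With the handle design, an arbitrary value from script fails the table lookup and returns an error instead of reaching a memory read.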
