Some vulnerabilities have been reported in Novell GroupWise Messenger, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerabilities are caused due to boundary errors in the Novell GroupWise Messenger Client when processing certain server responses. These can be exploited to cause stack-based buffer overflows via specially crafted, overly long server responses.
Successful exploitation allows execution of arbitrary code.
NOTE: A client crash when processing a long user ID has also been reported.
The vulnerabilities affect all Novell GroupWise Messenger Client for Windows versions prior to 2.0.3 Hot Patch 1.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org