[ngw] Novell GroupWise HTML Email Buffer Overflow
bjonkman at sobac.com
Thu Dec 27 16:04:36 UTC 2007
I'm pretty sure that the Windows GroupWise client uses the Microsoft
MSHTML.DLL library to render all HTML. If there is an HTML
vulnerability it would be in MSHTML.DLL, and Microsoft would be
responsible for "silently" patching it.
Just as a matter of interest, I have 18 copies of MSHTML.DLL on my
computer, most of them in either C:\WINDOWS\ie7updates\ or
C:\WINDOWS\$hf_mig$\KBxxxxx\ folders, and most have different sizes and
date stamps. The most recent is 30 October 2007, 18:48, 3509 KiBytes.
Busy people, those Microsofties.
What is the source of the text you quoted?
>>> 26 Dec 2007 23:17 James Taylor <ngw at ngwlist.com> >>>
> This looks interesting.
> I don't recall Novell ever "silently" patching anything in GroupWise.
> (8) HIGH: Novell GroupWise HTML Email Buffer Overflow
> Novell GroupWise versions 6.5.6 and prior
> Description: Novell GroupWise is Novell's enterprise groupware
> solution. GroupWise contains a flaw in its handling of email with
> embedded HTML. A specially crafted email message containing and
> overlong __src__ parameter to an __<img>__ tag could trigger a buffer
> overflow vulnerability. Successfully exploiting this vulnerability
> would allow an attacker to execute arbitrary code with the privileges
> of the current user. Full technical details and multiple
> proofs-of-concept are publicly available for this vulnerability. This
> vulnerability is exploitable only if the user has the __HTML Preview__
> option enabled and responds to or forwards a malicious email; simply
> reading a malicious message is insufficient to exploit this
> Status: According to reports, Novell has silently patched this
> Infobyte Security Research Advisory
> upwise.rb Secunia Security Advisory
> http://secunia.com/advisories/28102/ Product Home Page
> http://www.novell.com/products/groupwise/ SecurityFocus BID
> James Taylor
> The East Cobb Group, Inc.
> james.taylor at eastcobbgroup.com
> Visit http://www.ngwlist.com for help unsubscribing
-- -- -- --
Bob Jonkman <bjonkman at sobac.com> http://sobac.com/sobac/
SOBAC Microcomputer Services Voice: +1-519-669-0388
6 James Street, Elmira ON Canada N3B 1L5 Cel: +1-519-635-9413
Networking -- Office & Business Automation -- Consulting
More information about the ngw