[ngw] Novell GroupWise HTML Email Buffer Overflow

Bob Jonkman bjonkman at sobac.com
Thu Dec 27 16:04:36 UTC 2007


I'm pretty sure that the Windows GroupWise client uses the Microsoft 
MSHTML.DLL library to render all HTML.  If there is an HTML 
vulnerability it would be in MSHTML.DLL, and Microsoft would be 
responsible for "silently" patching it.

Just as a matter of interest, I have 18 copies of MSHTML.DLL on my 
computer, most of them in either C:\WINDOWS\ie7updates\ or 
C:\WINDOWS\$hf_mig$\KBxxxxx\ folders, and most have different sizes and 
date stamps. The most recent is 30 October 2007, 18:48, 3509 KiBytes.  
Busy people, those Microsofties.

What is the source of the text you quoted?

--Bob.




>>> 26 Dec 2007 23:17  James Taylor <ngw at ngwlist.com>  >>>

> This looks interesting.
> I don't recall Novell ever "silently" patching anything in GroupWise.
> -jt
> 
> 
> (8) HIGH: Novell GroupWise HTML Email Buffer Overflow
> Affected:
> Novell GroupWise versions 6.5.6 and prior
> 
> Description: Novell GroupWise is Novell's enterprise groupware
> solution. GroupWise contains a flaw in its handling of email with
> embedded HTML. A specially crafted email message containing and
> overlong __src__ parameter to an __<img>__ tag could trigger a buffer
> overflow vulnerability. Successfully exploiting this vulnerability
> would allow an attacker to execute arbitrary code with the privileges
> of the current user. Full technical details and multiple
> proofs-of-concept are publicly available for this vulnerability. This
> vulnerability is exploitable only if the user has the __HTML Preview__
> option enabled and responds to or forwards a malicious email; simply
> reading a malicious message is insufficient to exploit this
> vulnerability.
> 
> Status: According to reports, Novell has silently patched this
> vulnerability.
> 
> References:
> Infobyte Security Research Advisory
> http://www.infobyte.com.ar/adv/ISR-16.html
> Proofs-of-Concept
> http://downloads.securityfocus.com/vulnerabilities/exploits/novell_gro
> upwise.pm
> http://downloads.securityfocus.com/vulnerabilities/exploits/novell_gro
> upwise.rb Secunia Security Advisory
> http://secunia.com/advisories/28102/ Product Home Page
> http://www.novell.com/products/groupwise/ SecurityFocus BID
> http://www.securityfocus.com/bid/26875
> 
> 
> 
> James Taylor
> The East Cobb Group, Inc.
> 678-697-9420
> james.taylor at eastcobbgroup.com
> http://www.eastcobbgroup.com
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> --
> Visit http://www.ngwlist.com for help unsubscribing
> 


-- -- -- --
Bob Jonkman <bjonkman at sobac.com>         http://sobac.com/sobac/    
SOBAC Microcomputer Services              Voice: +1-519-669-0388       
6 James Street, Elmira ON  Canada  N3B 1L5  Cel: +1-519-635-9413
Networking   --   Office & Business Automation   --   Consulting





More information about the ngw mailing list