Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3863Improper Restriction of Operations within the Bounds of a Memory Buffer in Groupwise

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
3.8%
top 11.88%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Novell Groupwise
Timeline
PublishedNov 4
Latest updateMay 2

Description

Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise Client 7.0.3.1294 allows remote attackers to cause a denial of service (application crash) via a long argument to the SetFontFace method.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDnovell/groupwise7.0.3.1294

🔴Vulnerability Details

2
GHSA
GHSA-3pxp-4jgv-xr88: Buffer overflow in the gxmim12022-05-02
CVEList
CVE-2009-3863: Buffer overflow in the gxmim12009-11-04

💥Exploits & PoCs

1
Exploit-DB
Novell Groupwise Client 7.0.3.1294 - ActiveX Denial of Service (PoC)2009-09-15
CVE-2009-3863 — Novell Groupwise vulnerability | cvebase