Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-0439

CWE-94 — Code Injection4 documents4 sources

Severity

9.3CRITICAL

EPSS

68.3%

top 1.39%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Novell Groupwise

Timeline

PublishedFeb 24

Latest updateMay 4

Description

An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDnovell/groupwise6 versions+5

🔴Vulnerability Details

GHSA

GHSA-6gvm-387f-376f: An ActiveX control in gwcls1↗2022-05-04

▶

CVEList

CVE-2012-0439: An ActiveX control in gwcls1↗2013-02-24

▶

💥Exploits & PoCs

Exploit-DB

Novell Groupwise Client - 'gwcls1.dll' ActiveX Remote Code Execution (Metasploit)↗2013-02-12

▶