CVE-2013-0804
Published: 2013-02-24
Priority: P356 | Severity: critical | CVSS 2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 12.30% (95.7th percentile)
The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via unspecified vectors.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
| novell | groupwise | — | — |
Detection & IOCs (extracted from sources)
bytes: %u9090%u7ceb
- Exploit targets the InvokeContact ActiveX/COM method in the Novell GroupWise client; monitor for invocation of this method from browser or scripting contexts.
- Exploit uses heap-spray technique with NOP sled pattern (%u9090) and short jump (%u7ceb) via unescape(); detect unescape-based heap spray in scripts interacting with GroupWise ActiveX objects.
- Exploit allocates heap blocks targeting base address 0x150000; memory forensics or crash analysis showing controlled allocations near this address may indicate exploitation.
- Exploit uses CollectGarbage() calls to manipulate heap layout (free and reallocate); scripting engine calls to CollectGarbage in conjunction with GroupWise COM object usage are suspicious.
- Affected versions are Novell GroupWise 8.0 before 8.0.3 HP2 and GroupWise 2012 before SP1 HP1; exploitation only applies to unpatched clients in these version ranges.
- The vulnerability involves an incorrect pointer dereference via unspecified vectors; the exact attack surface beyond the InvokeContact method is not fully disclosed in public sources.
No detection rules found.
No writeups or analysis indexed.
2013-02-24: Published