CVE-2011-0333

Name of the Vulnerable Software and Affected Versions Novell GroupWise versions 8.0 before HP3

Description The issue is related to a heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll, which can be exploited by remote attackers to execute arbitrary code. This is achieved by sending a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, taking advantage of an integer truncation error.

Recommendations For Novell GroupWise version 8.0 before HP3, apply the HP3 patch to resolve the issue.