CVE-2010-4326

Name of the Vulnerable Software and Affected Versions Novell GroupWise versions prior to 8.02HP

Description The issue concerns multiple buffer overflows in the gwwww1.dll component of the GroupWise Internet Agent (GWIA) in Novell GroupWise. These overflows can be triggered by remote attackers sending a VCALENDAR message with specifically crafted variables, such as a long REQUEST-STATUS, TZNAME, COMMENT, or RRULE variable. This could potentially allow the execution of arbitrary code.

Recommendations For versions prior to 8.02HP, update to version 8.02HP or later to resolve the issue. As a temporary workaround, consider restricting the handling of VCALENDAR messages with long variables in the GWIA to minimize the risk of exploitation.