CVE-2010-4712

Name of the Vulnerable Software and Affected Versions Novell GroupWise versions prior to 8.02HP

Description The issue is related to multiple stack-based buffer overflows in the gwia.exe component of the GroupWise Internet Agent (GWIA) in Novell GroupWise. This can be exploited by remote attackers to execute arbitrary code via a Content-Type header that contains either multiple items separated by semicolon characters or crafted string data.

Recommendations For versions prior to 8.02HP, update to version 8.02HP or later to resolve the issue. As a temporary workaround, consider restricting access to the GWIA component to minimize the risk of exploitation. Avoid using crafted string data in the Content-Type header until the issue is resolved.