PT-2013-1498 · Novell · Novell Groupwise

Andrea Micalizzi +1 · Published 2013-02-01 · Updated 2013-02-25 · CVE-2012-0439

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Novell GroupWise versions 8.0 through 8.0.3 HP2
Novell GroupWise 2012 versions prior to SP1 HP1

Description

The issue allows remote attackers to execute arbitrary code. This can be achieved via a pointer argument to the SetEngine method or an XPItem pointer argument to an unspecified method in the ActiveX control in gwcls1.dll.

Recommendations

For Novell GroupWise versions 8.0 through 8.0.3 HP2, update to version 8.0.3 HP2 or later.
For Novell GroupWise 2012 versions prior to SP1 HP1, update to SP1 HP1 or later.
As a temporary workaround, consider disabling the ActiveX control in gwcls1.dll until a patch is available.

Exploit · Fix · RCE · Code Injection

Related Identifiers

CVE-2012-0439
ZDI-13-008

Affected Products

Novell Groupwise