CVE ID | |
CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
AFFECTED VENDORS |
Novell |
AFFECTED PRODUCTS |
Groupwise |
TREND MICRO CUSTOMER PROTECTION | Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['11547']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com |
VULNERABILITY DETAILS |
The specific flaw exists within the component responsible for parsing DOCX attachment files. When handling the "Relationship Id" field within such a file, the process copies the contents into a static buffer on the stack. By supplying a large enough value this buffer can be overflowed leading to arbitrary code execution under the context of the user running the mail client. |
ADDITIONAL DETAILS |
Novell has issued an update to correct this vulnerability. More details can be found at:
http://www.novell.com/support/search.do?usemicrosite=true&searchString=7009207 |
DISCLOSURE TIMELINE |
|
CREDIT | Anonymous |