What is CVE-2012-0439?

CVE-2012-0439 is a vulnerability in Novell Groupwise, classified under Code Injection. Published 2013-02-24.

Is CVE-2012-0439 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Novell Groupwise

CVE-2012-0439

An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer a…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.683 (98.6th percentile) — read the EPSS interpretation.

Affected products

Novell Groupwise — versions 8.0, 8.00, 8.01
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2012-0439?: CVE-2012-0439 is a vulnerability in Novell Groupwise, classified under Code Injection. Published 2013-02-24.
Is CVE-2012-0439 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.