Arbitrary Code Execution via Negative BYWEEKNO Property in GroupWise Internet Agent (GWIA)

Arbitrary Code Execution via Negative BYWEEKNO Property in GroupWise Internet Agent (GWIA)

CVE-2011-2662 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message.

Learn more about our Web Application Penetration Testing UK.