CVE-2006-0992

EPSS 72.8%

Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/1679unverified exploitdbwww.exploit-db.com/exploits/16757unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://cirt.dk/advisories/cirt-42-advisory.txt http://metasploit.blogspot.com/2006/04/exploit-development-groupwise_14.html http://secunia.com/advisories/19663 http://securitytracker.com/id?1015911 https://exchange.xforce.ibmcloud.com/vulnerabilities/25828 http://support.novell.com/cgi-bin/search/searchtid.cgi?10100861.htm https://www.exploit-db.com/exploits/1679 http://www.osvdb.org/24617 http://www.securityfocus.com/archive/1/430911/100/0/threaded http://www.securityfocus.com/bid/17503 http://www.vupen.com/english/advisories/2006/1355 http://www.zerodayinitiative.com/advisories/ZDI-06-008.html