Vulnerability Key Information

Vulnerability Overview
Name: GroupWise 7.0 mailto: scheme buffer overflow
Date: 2008.05.03
Discoverer: Juan Pablo Lopez Yacubian

Vulnerability Details
Risk Level: High
Local Vulnerability: No
Remote Vulnerability: Yes
CVE ID: CVE-2008-2069
CWE ID: CWE-119

CVSS Score
CVSS Base Score: 9.3/10
- Attack Complexity: Medium
- Confidentiality Impact: Complete
- Integrity Impact: Complete
- Availability Impact: Complete
Impact Score: 10/10
Exploitability Score: 8.6/10
- Authentication Required: None

Products and Operating Systems
Product: GroupWise 7.0
Operating System: Windows XP

Vulnerability Description
This vulnerability exists in the "mailto" scheme. When a user sets GroupWise as their default email client and uses a malicious scheme containing extended parameters, a buffer overflow occurs. This may overwrite the EIP and allow execution of arbitrary code.