Vulnerability & Exploit Database

Back to search

Novell GroupWise Client gwcls1.dll ActiveX Remote Code Execution

This module exploits a vulnerability in the Novell GroupWise Client gwcls1.dll ActiveX. Several methods in the GWCalServer control use user provided data as a pointer, which allows to read arbitrary memory and execute arbitrary code. This module has been tested successfully with GroupWise Client 2012 on IE6 - IE9. The JRE6 needs to be installed to achieve ASLR bypass.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/windows/browser/novell_groupwise_gwcls1_actvx

Authors

  • rgod <rgod [at] autistici.org>
  • juan vazquez <juan.vazquez [at] metasploit.com>

References

Targets

  • Automatic
  • IE 6 on Windows XP SP3
  • IE 7 on Windows XP SP3
  • IE 8 on Windows XP SP3
  • IE 7 on Windows Vista
  • IE 8 on Windows Vista
  • IE 8 on Windows 7
  • IE 9 on Windows 7

Platforms

  • windows

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/browser/novell_groupwise_gwcls1_actvx msf exploit(novell_groupwise_gwcls1_actvx) > show targets ...targets... msf exploit(novell_groupwise_gwcls1_actvx) > set TARGET <target-id> msf exploit(novell_groupwise_gwcls1_actvx) > show options ...show and set options... msf exploit(novell_groupwise_gwcls1_actvx) > exploit