KLA10185
Multiple vulnerabilities in Groove
Обновлено: 17/06/2019
Дата обнаружения
20/05/2005
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Groove products. Malicious users can exploit these vulnerabilities to obtain sensitive information, inject web scripts, bypass security restrictions and spoof filenames. Below is a complete list of vulnerabilities

  1. Improper file extension display can be exploited remotely via a specially designed filename;
  2. Vectors related to COM objects can be exploited remotely;
  3. XSS vulnerabilities in can be exploited remotely;
  4. Insecure permissions can be exploited locally.
Пораженные продукты

Groove Virtual Office versions 3.1 build 2337 and earlier
Groove Virtual Office version 3.1a builds 2363 and earlier
Groove Workspace versions 2.5n build 1870 and earlier

Решение

Update to latest version

Оказываемое влияние
?
OSI 
[?]

CI 
[?]

SB 
[?]

SUI 
[?]
Связанные продукты
Groove Virtual Office
CVE-IDS
CVE-2005-16782.6Warning
CVE-2005-16777.5Critical
CVE-2005-16766.8High
CVE-2005-16754.6Warning