Novell Identity Manager, Groove Office

Groove Virtual Office is reported to have a vulnerable ActiveX control. The vulnerability is a buffer overflow which could potentially allow code execution if an exploit were successful. This vulnerability applies to Groove Virtual Office 3.x, and does not affect the newest version included in Office 2007. At this time there’s no patch, so it is recommended to disable the ActiveX control.

A vulnerability has also been reported in Novell Identity Manager. This vulnerability could be exploited by a remote attacker to cause a Denial of Service condition. It’s reported that version 3.5.1 is affected, but may also affect other versions. Novell has issued a patch for this issue.

Leave a Reply