Novell Messenger/Groupwise Messenger Client Unspecified Buffer Overflow Vulnerability (CVE-2013-1085)

Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter. A stack buffer overflow exists in Novell Messenger client. The vulnerability is due to insufficient validation of thefilename parameter with an import command. This could result in a stack buffer overflow. A remote attacker can exploit this vulnerability by enticing a user to follow a malicious URL with the nim: protocol. Successful exploitation could result in arbitrary code being executed with the privileges of the currently logged in user.