Overview
Groove Virtual Office may allow access restrictions on COM objects to be bypassed. Exploitation may allow an attacker to execute arbitrary code.
Description
Groove Virtual Office provides a collaborative working environment that includes shared documents, databases, and various other tools to facilitate communication and productivity. The Microsoft Component Object Model (COM) provides a means for communication among objects in a Windows environment. Groove Virtual Office uses many COM objects to perform a variety of tasks. A vulnerability exists in Groove that may allow an attacker to bypass Groove's security restrictions and arbitrarily use a COM object's services, such as script execution. Please note that if the access restrictions of a COM object that allows remote access are compromised, that object may be exploited remotely. |
Impact
The impact of exploitation depends on the COM object being attacked. Potential consequences may include the remote execution of arbitrary scripting code, a denial-of-service condition, and the disclosure of sensitive information. |
Solution
Update This vulnerability is addressed in Groove Virtual Office 3.1 build 2338, 3.1a build 2364, and Groove Workspace Version 2.5n build 1871. These updates are available from |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported by US-CERT.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | None |
| Severity Metric: | 1.87 |
| Date Public: | 2005-05-19 |
| Date First Published: | 2005-05-19 |
| Date Last Updated: | 2005-06-14 15:50 UTC |
| Document Revision: | 89 |