| VID |
28142 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Groove Virtual Office or Workspace, according to its version number, has multiple vulnerabilities. Groove Virtual Office is an application for managing files, meeting, projects and tracking data and processes. Groove Virtual Office versions prior to 3.1A Build 2364, and Groove Workspace versions prior to 2.5N build 1871 are vulnerable to multiple vulnerabilities, which can be exploited by a remote attacker to conduct arbitrary script execution, disclosure of sensitive information, and denial of service.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.securitytracker.com/alerts/2005/May/1014017.html
http://www.securitytracker.com/alerts/2005/May/1014019.html
http://www.kb.cert.org/vuls/id/232232
http://www.kb.cert.org/vuls/id/372618
http://www.kb.cert.org/vuls/id/514386
http://www.kb.cert.org/vuls/id/155610
http://www.kb.cert.org/vuls/id/443370
* Platforms Affected:
Groove Networks, Groove Workspace versions prior to 2.5N Build 1871
Groove Networks, Groove Virtual Office versions prior to 3.1A Build 2364
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Groove Workspace (v2.5N build 1871 or later) or Groove Virtual Office (v3.1A build 2364 or later), available from the grooveNetworks Download Web site at http://www.groove.net/index.cfm?pagename=Downloads_Overview |
| Related URL |
CVE-2005-1675,CVE-2005-1676,CVE-2005-1677,CVE-2005-1678 (CVE) |
| Related URL |
13682,13684,13685,13686,13688 (SecurityFocus) |
| Related URL |
20748,20749,20750,20751 (ISS) |
|
