7.5

CVE-2007-2655

Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetwinSurgemail Version3.8f3
NetwinSurgemail Version3.8i
NetwinSurgemail Version3.8i2
NetwinWebmail Version3.1s1
NetwinWebmail Version3.1s13
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.95% 0.891
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://www.netwinsite.com/surgemail/help/updates.htm
Patch
http://osvdb.org/35891
http://secunia.com/advisories/25207
Patch
Vendor Advisory
http://www.securityfocus.com/bid/23908
Patch
http://www.vupen.com/english/advisories/2007/1755
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/34217