CVE-2007-3925

EPSS 90.44%
Published 21.07.2007 00:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Ipswitch ≫ Imail Server Version <= 2006.2

Ipswitch ≫ Ipswitch Collaboration Suite Version <= 2006.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	90.44%	0.996

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease

Patch

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563

http://secunia.com/advisories/26123

Vendor Advisory

http://www.securityfocus.com/bid/24962

Patch

http://www.securitytracker.com/id?1018419

http://www.vupen.com/english/advisories/2007/2574

https://exchange.xforce.ibmcloud.com/vulnerabilities/35496

https://exchange.xforce.ibmcloud.com/vulnerabilities/35500

https://nvd.nist.gov/vuln/detail/CVE-2007-3925

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3925

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3925

EUVD