CVE-2008-1497

Exploit

EPSS 6.3%
Veröffentlicht 25.03.2008 19:44:00
Zuletzt bearbeitet 16.06.2026 22:51:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

NVD 39 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netwin ≫ Surgemail Version1.8g3

Netwin ≫ Surgemail Version1.9b2

Netwin ≫ Surgemail Version2.0a2

Netwin ≫ Surgemail Version2.0c

Netwin ≫ Surgemail Version2.0e

Netwin ≫ Surgemail Version2.0g2

Netwin ≫ Surgemail Version2.1c7

Netwin ≫ Surgemail Version2.2a6

Netwin ≫ Surgemail Version2.2c10

Netwin ≫ Surgemail Version2.2g2

Netwin ≫ Surgemail Version2.2g3

Netwin ≫ Surgemail Version3.0a

Netwin ≫ Surgemail Version3.0c2

Netwin ≫ Surgemail Version3.2e

Netwin ≫ Surgemail Version3.5a

Netwin ≫ Surgemail Version3.5b3

Netwin ≫ Surgemail Version3.6d

Netwin ≫ Surgemail Version3.6f3

Netwin ≫ Surgemail Version3.6f5

Netwin ≫ Surgemail Version3.6f7

Netwin ≫ Surgemail Version3.7b

Netwin ≫ Surgemail Version3.7b3

Netwin ≫ Surgemail Version3.7b5

Netwin ≫ Surgemail Version3.7b6

Netwin ≫ Surgemail Version3.7b7

Netwin ≫ Surgemail Version3.7b8

Netwin ≫ Surgemail Version3.8a

Netwin ≫ Surgemail Version3.8b

Netwin ≫ Surgemail Version3.8d

Netwin ≫ Surgemail Version3.8f

Netwin ≫ Surgemail Version3.8f2

Netwin ≫ Surgemail Version3.8f3

Netwin ≫ Surgemail Version3.8i

Netwin ≫ Surgemail Version3.8i2

Netwin ≫ Surgemail Version3.8i3

Netwin ≫ Surgemail Version3.8k

Netwin ≫ Surgemail Version3.8k2

Netwin ≫ Surgemail Version3.8k3

Netwin ≫ Surgemail Version3.8m

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.3%	0.927

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.netwinsite.com/surgemail/help/updates.htm

Vendor Advisory

http://secunia.com/advisories/29105

Vendor Advisory

http://securityreason.com/securityalert/3774

Exploit

http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07

Exploit

http://www.securityfocus.com/archive/1/489959/100/0/threaded

http://www.securityfocus.com/bid/28377

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/41402

https://nvd.nist.gov/vuln/detail/CVE-2008-1497

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1497

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1497

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2008-1497