Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1055

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1055
Last Modified 07 Mar 2011 10:05:52
Published 27 Feb 2008 02:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1055

Summary

Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.

Vulnerable Systems

Application

  • Netwin Surgemail 1.8a

  • Netwin Surgemail 1.8b3

  • Netwin Surgemail 1.8d

  • Netwin Surgemail 1.8e

  • Netwin Surgemail 1.8g3

  • Netwin Surgemail 1.9

  • Netwin Surgemail 1.9b2

  • Netwin Surgemail 2.0a2

  • Netwin Surgemail 2.0c

  • Netwin Surgemail 2.0e

  • Netwin Surgemail 2.0g2

  • Netwin Surgemail 2.1a

  • Netwin Surgemail 2.1c7

  • Netwin Surgemail 2.2a6

  • Netwin Surgemail 2.2c10

  • Netwin Surgemail 2.2c9

  • Netwin Surgemail 2.2g2

  • Netwin Surgemail 2.2g3

  • Netwin Surgemail 3.0a

  • Netwin Surgemail 3.0c2

  • Netwin Surgemail 3.8f3

  • Netwin Surgemail 38k4

  • Netwin Surgemail 39a

  • Netwin Surgemail Beta 39a

  • Netwin Webmail 3.1s


References

VUPEN - ADV-2008-0678

BID - 27990

BUGTRAQ - 20080225 Format string and buffer-overflow in SurgeMail 38k4

SECUNIA - 29105

XF - surgemail-webmail-format-string(40833)

SECTRACK - 1019500

SREASON - 3705

SECUNIA - 29137

MISC - http://aluigi.altervista.org/adv/surgemailz-adv.txt


Last Updated: 27 May 2016 10:47:01