Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7074

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-7074
Last Modified 25 Aug 2009 12:00:00
Published 25 Aug 2009 06:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-7074

Summary

Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message."

Vulnerable Systems

Application

  • Memcode I.scribe 1.88

  • Memcode I.scribe 1.89

  • Memcode I.scribe 1.90

  • Memcode I.scribe 2.00


References

XF - iscribe-smtp-format-string(46970)

BID - 32497

MILW0RM - 7249

SECUNIA - 32906

OSVDB - 50232

CONFIRM - http://memecode.com/site/ver.php?id=264


Last Updated: 27 May 2016 10:49:27