CVE-2007-4607

Sažetak

Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61 and other products, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress method, a different vulnerability than CVE-2007-1029. NOTE: this may have been fixed in version 6.0.3.15.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-04/0220.html
http://osvdb.org/38335
http://retrogod.altervista.org/postcast-emsmtp_bof.html
http://secunia.com/advisories/24199
http://secunia.com/advisories/26639
http://www.kb.cert.org/vuls/id/281977
http://www.securityfocus.com/bid/25467
https://community.ivanti.com/docs/DOC-50988
https://exchange.xforce.ibmcloud.com/vulnerabilities/36307
https://www.exploit-db.com/exploits/4328

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

28-08-2018 - 17:29

Objavljeno

31-08-2007 - 00:17