Lucene search

[email protected]CVE-2007-2795

HistoryJan 27, 2009 - 11:30 p.m.

CVE-2007-2795

2009-01-2723:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-2795

ipswitch imail

buffer overflow

remote code execution

nvd

7.9 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.048 Low

EPSS

Percentile

92.6%

JSON

Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.

CPENameOperatorVersion
ipswitch:imailipswitch imaileq2006.1
ipswitch:imailipswitch imaille2006.2

CPE	Name	Operator	Version
ipswitch:imail	ipswitch imail	eq	2006.1
ipswitch:imail	ipswitch imail	le	2006.2

References

www.ipswitch.com/support/imail/releases/im200621.asp

www.zerodayinitiative.com/advisories/ZDI-07-042/

www.zerodayinitiative.com/advisories/ZDI-07-043/

7.9 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.048 Low

EPSS

Percentile

92.6%

JSON

Related for CVE-2007-2795

checkpoint_advisories5 seebug2 prion1 securityvulns3 zdi2 exploitpack1 packetstorm1 exploitdb1 nessus1