ID CVE-2007-3796
Type cve
Modified 2008-09-05T21:26:00


The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables. "Successful exploitation requires that the attacker knows the email address of the target user." The vendor has released version 6.2.1 to address this issue.