CVE-2007-3796

2007-07-17T23:30:00
ID CVE-2007-3796
Type cve
Reporter cve@mitre.org
Modified 2008-09-05T21:26:00

Description

The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables. "Successful exploitation requires that the attacker knows the email address of the target user." The vendor has released version 6.2.1 to address this issue.