Lucene search

[email protected]CVE-2008-1055

HistoryFeb 27, 2008 - 7:44 p.m.

CVE-2008-1055

2008-02-2719:44:00

CWE-134

[email protected]

web.nvd.nist.gov

cve-2008-1055

format string vulnerability

netwin surgemail

webmail

remote attack

dos

arbitrary code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.933 High

EPSS

Percentile

99.1%

JSON

Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.

Affected configurations

NVD

Node

netwinsurgemailRange≤38k4

netwinsurgemailMatch1.8a

netwinsurgemailMatch1.8b3

netwinsurgemailMatch1.8d

netwinsurgemailMatch1.8e

netwinsurgemailMatch1.8g3

netwinsurgemailMatch1.9

netwinsurgemailMatch1.9b2

netwinsurgemailMatch2.0a2

netwinsurgemailMatch2.0c

netwinsurgemailMatch2.0e

netwinsurgemailMatch2.0g2

netwinsurgemailMatch2.1a

netwinsurgemailMatch2.1c7

netwinsurgemailMatch2.2a6

netwinsurgemailMatch2.2c9

netwinsurgemailMatch2.2c10

netwinsurgemailMatch2.2g2

netwinsurgemailMatch2.2g3

netwinsurgemailMatch3.0a

netwinsurgemailMatch3.0c2

netwinsurgemailMatch3.8f3

netwinsurgemailMatch39a

netwinsurgemailMatchbeta_39a

netwinwebmailRange≤3.1s

CPENameOperatorVersion
netwin:surgemailnetwin surgemaille38k4
netwin:surgemailnetwin surgemaileq1.8a
netwin:surgemailnetwin surgemaileq1.8b3
netwin:surgemailnetwin surgemaileq1.8d
netwin:surgemailnetwin surgemaileq1.8e
netwin:surgemailnetwin surgemaileq1.8g3
netwin:surgemailnetwin surgemaileq1.9
netwin:surgemailnetwin surgemaileq1.9b2
netwin:surgemailnetwin surgemaileq2.0a2
netwin:surgemailnetwin surgemaileq2.0c

CPE	Name	Operator	Version
netwin:surgemail	netwin surgemail	le	38k4
netwin:surgemail	netwin surgemail	eq	1.8a
netwin:surgemail	netwin surgemail	eq	1.8b3
netwin:surgemail	netwin surgemail	eq	1.8d
netwin:surgemail	netwin surgemail	eq	1.8e
netwin:surgemail	netwin surgemail	eq	1.8g3
netwin:surgemail	netwin surgemail	eq	1.9
netwin:surgemail	netwin surgemail	eq	1.9b2
netwin:surgemail	netwin surgemail	eq	2.0a2
netwin:surgemail	netwin surgemail	eq	2.0c

Rows per page:

1-10 of 251

References

aluigi.altervista.org/adv/surgemailz-adv.txt

secunia.com/advisories/29105

secunia.com/advisories/29137

securityreason.com/securityalert/3705

www.securityfocus.com/archive/1/488741/100/0/threaded

www.securityfocus.com/bid/27990

www.securitytracker.com/id?1019500

www.vupen.com/english/advisories/2008/0678

exchange.xforce.ibmcloud.com/vulnerabilities/40833

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.933 High

EPSS

Percentile

99.1%

JSON

Related for CVE-2008-1055

cvelist1 prion1 nvd1 checkpoint_advisories1