Network Associates Webshield SMTP 4.5 - Invalid Outgoing Recipient Field Denial of Service

2000-11-23T00:00:00
ID EXPLOITPACK:BEDE9DF4709640EE53CAAE9DC980137A
Type exploitpack
Reporter Jari Helenius
Modified 2000-11-23T00:00:00

Description

Network Associates Webshield SMTP 4.5 - Invalid Outgoing Recipient Field Denial of Service

                                        
                                            source: https://www.securityfocus.com/bid/1999/info

Network Associates WebShield SMTP is an email virus scanner designed for internet gateways.

In the event that WebShield SMTP receives an outgoing email containing six "%20" followed by any character within the recipient field, the application will crash, resulting in an access violation error upon processing of the email. Restarting WebShield SMTP is required in order to regain normal functionality. It has been unverified as to whether or not arbitrary code can be executed on the target system if specially crafted code is inserted into the buffer. 

recipient@f%20f%20f%20f%20f%20f%20f