Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-1497

Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.

Published

2008-03-25T19:44:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	netwin	surgemail	1.8g3	Yes
Application	netwin	surgemail	1.9b2	Yes
Application	netwin	surgemail	2.0a2	Yes
Application	netwin	surgemail	2.0c	Yes
Application	netwin	surgemail	2.0e	Yes
Application	netwin	surgemail	2.0g2	Yes
Application	netwin	surgemail	2.1c7	Yes
Application	netwin	surgemail	2.2a6	Yes
Application	netwin	surgemail	2.2c10	Yes
Application	netwin	surgemail	2.2g2	Yes
Application	netwin	surgemail	2.2g3	Yes
Application	netwin	surgemail	3.0a	Yes
Application	netwin	surgemail	3.0c2	Yes
Application	netwin	surgemail	3.2e	Yes
Application	netwin	surgemail	3.5a	Yes
Application	netwin	surgemail	3.5b3	Yes
Application	netwin	surgemail	3.6d	Yes
Application	netwin	surgemail	3.6f3	Yes
Application	netwin	surgemail	3.6f5	Yes
Application	netwin	surgemail	3.6f7	Yes
Application	netwin	surgemail	3.7b	Yes
Application	netwin	surgemail	3.7b3	Yes
Application	netwin	surgemail	3.7b5	Yes
Application	netwin	surgemail	3.7b6	Yes
Application	netwin	surgemail	3.7b7	Yes
Application	netwin	surgemail	3.7b8	Yes
Application	netwin	surgemail	3.8a	Yes
Application	netwin	surgemail	3.8b	Yes
Application	netwin	surgemail	3.8d	Yes
Application	netwin	surgemail	3.8f	Yes
Application	netwin	surgemail	3.8f2	Yes
Application	netwin	surgemail	3.8f3	Yes
Application	netwin	surgemail	3.8i	Yes
Application	netwin	surgemail	3.8i2	Yes
Application	netwin	surgemail	3.8i3	Yes
Application	netwin	surgemail	3.8k	Yes
Application	netwin	surgemail	3.8k2	Yes
Application	netwin	surgemail	3.8k3	Yes
Application	netwin	surgemail	3.8m	Yes

References

http://secunia.com/advisories/29105 Vendor Advisory ([email protected])
http://securityreason.com/securityalert/3774 Exploit ([email protected])
http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07 Exploit ([email protected])
http://www.netwinsite.com/surgemail/help/updates.htm Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/489959/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/28377 Exploit ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/41402 ([email protected])
http://secunia.com/advisories/29105 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/3774 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.netwinsite.com/surgemail/help/updates.htm Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/489959/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/28377 Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41402 (af854a3a-2127-422b-91ae-364da2661108)