CVE Vulnerability

CVE-2007-4607

Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61 and other products, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress method, a different vulnerability than CVE-2007-1029. NOTE: this may have been fixed in version 6.0.3.15.

9.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.securityfocus.com/bid/25467 Exploit
http://retrogod.altervista.org/postcast-emsmtp_bof.html
http://www.kb.cert.org/vuls/id/281977 US Government Resource
http://secunia.com/advisories/24199
http://secunia.com/advisories/26639
http://osvdb.org/38335
http://archives.neohapsis.com/archives/bugtraq/2013-04/0220.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/36307
https://www.exploit-db.com/exploits/4328
https://community.ivanti.com/docs/DOC-50988
Configurations

Configuration 1

cpe:2.3:a:quicksoft:easymail_objects:*:*:*:*:*:*:*:*
cpe:2.3:a:gate_comm_software:postcast_server_pro:3.0.61:*:*:*:*:*:*:*
Information

Published : 2007-08-31 12:17

Updated : 2018-08-28 05:29

NVD link : CVE-2007-4607

Mitre link : CVE-2007-4607

Products Affected
No products.
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer