CyberSec.Space Logo
Back to CVE Browser

CVE-2008-6922

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0080%
EPSS Percentile16.35th
PublishedAug 10, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which are not properly handled by (a) the POP3 Class ActiveX control (CMailCom.POP3); or a long argument to the (11) AddAttach, (12) SetSubject, (13) SetBcc, (14) SetBody, (15) SetCc, (16) SetFrom, (17) SetTo, and (18) SetFromUID methods, which are not properly handled by the Class ActiveX control (CMailCOM.SMTP), as demonstrated via the indexOfMail parameter to mwmail.asp.

Affected Platforms (CPE)

πŸ“¦
Youngzsoft

Cmailserver

= 5.4.6

References & Advisories

πŸ”— http://osvdb.org/46750
πŸ”— http://secunia.com/advisories/30940
πŸ”— http://www.securityfocus.com/bid/30098
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/43594
πŸ”— https://www.exploit-db.com/exploits/6012
πŸ”— http://osvdb.org/46750
πŸ”— http://secunia.com/advisories/30940
πŸ”— http://www.securityfocus.com/bid/30098

Related Vulnerabilities

CVE-2004-112910.0

SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServe...

CVE-2003-028010.0

Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary cod...

CVE-2004-112810.0

Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code via an attachment with a long...

CVE-2002-07997.5

Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.