CyberSec.Space Logo
Back to CVE Browser

CVE-2017-9046

HIGH
7.3
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile11.03th
PublishedMay 21, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack.

Affected Platforms (CPE)

📦
Pmail

Pegasus

= 4.72

References & Advisories

🔗 https://packetstormsecurity.com/files/142606/Pegasus-4.72-Build-572-Remote-Code-Execution.html
🔗 https://packetstormsecurity.com/files/142606/Pegasus-4.72-Build-572-Remote-Code-Execution.html

Related Vulnerabilities

CVE-2004-251310.0

Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SE...

CVE-2008-000310.0

Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus),...

CVE-2019-256879.8

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attacker...

CVE-2009-38389.3

Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service...