Back to CVE Browser

CVE-2006-0559

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0890%

EPSS Percentile33.94th

PublishedApr 4, 2006

Last ModifiedApr 16, 2026

Vulnerability Description

Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed.

Affected Platforms (CPE)

📦

Mcafee

Webshield Smtp

<= 4.5

References & Advisories

🔗 http://secunia.com/advisories/19491

🔗 http://securityreason.com/securityalert/671

🔗 http://securitytracker.com/id?1015861

🔗 http://www.osvdb.org/24366

🔗 http://www.securityfocus.com/archive/1/429812/100/0/threaded

🔗 http://www.securityfocus.com/bid/16742

🔗 http://www.vupen.com/english/advisories/2006/1219

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/25621

Related Vulnerabilities

CVE-2012-40147.8

Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attackers to cause a denial of servic...

CVE-2000-11307.5

McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters i...

CVE-2000-04477.5

Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter ...

CVE-2001-15427.5

NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote a...