CyberSec.Space Logo
Back to CVE Browser

CVE-2010-1132

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0520%
EPSS Percentile36.51th
PublishedMar 27, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.

Affected Platforms (CPE)

πŸ“¦
Georg Greve

Spamassassin Milter Plugin

= 0.3.1

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html
πŸ”— http://bugs.debian.org/573228
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038535.html
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038572.html
πŸ”— http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038777.html
πŸ”— http://osvdb.org/62809
πŸ”— http://secunia.com/advisories/38840
πŸ”— http://secunia.com/advisories/38956

Related Vulnerabilities

CVE-2010-355410.0

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and...

CVE-2010-355910.0

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and...

CVE-2010-355310.0

Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and...

CVE-2010-355810.0

Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attack...