CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-6922

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0080%
EPSS Percentile16.35th
Published2009年8月10日
Last Modified2026年4月23日

Vulnerability Description

Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which are not properly handled by (a) the POP3 Class ActiveX control (CMailCom.POP3); or a long argument to the (11) AddAttach, (12) SetSubject, (13) SetBcc, (14) SetBody, (15) SetCc, (16) SetFrom, (17) SetTo, and (18) SetFromUID methods, which are not properly handled by the Class ActiveX control (CMailCOM.SMTP), as demonstrated via the indexOfMail parameter to mwmail.asp.

Affected Platforms (CPE)

📦
Youngzsoft

Cmailserver

= 5.4.6

References & Advisories

🔗 http://osvdb.org/46750
🔗 http://secunia.com/advisories/30940
🔗 http://www.securityfocus.com/bid/30098
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/43594
🔗 https://www.exploit-db.com/exploits/6012
🔗 http://osvdb.org/46750
🔗 http://secunia.com/advisories/30940
🔗 http://www.securityfocus.com/bid/30098

関連する脆弱性情報

CVE-2004-112910.0

SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServe...

CVE-2003-028010.0

Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary cod...

CVE-2004-112810.0

Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code via an attachment with a long...

CVE-2002-07997.5

Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.