CVE-2008-1055

HIGH

7.5

CVSS Severity Score

EPSS Score0.1300%

EPSS Percentile18.70th

Published2008年2月27日

Last Modified2026年4月23日

Vulnerability Description

Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.

Affected Platforms (CPE)

📦

Netwin

Surgemail

<= 38k4

📦

Netwin

Surgemail

= 1.8a

📦

Netwin

Surgemail

= 1.8b3

📦

Netwin

Surgemail

= 1.8d

📦

Netwin

Surgemail

= 1.8e

📦

Netwin

Surgemail

= 1.8g3

📦

Netwin

Surgemail

= 1.9

📦

Netwin

Surgemail

= 1.9b2

📦

Netwin

Surgemail

= 2.0a2

📦

Netwin

Surgemail

= 2.0c

📦

Netwin

Surgemail

= 2.0e

📦

Netwin

Surgemail

= 2.0g2

📦

Netwin

Surgemail

= 2.1a

📦

Netwin

Surgemail

= 2.1c7

📦

Netwin

Surgemail

= 2.2a6

📦

Netwin

Surgemail

= 2.2c9

📦

Netwin

Surgemail

= 2.2c10

📦

Netwin

Surgemail

= 2.2g2

📦

Netwin

Surgemail

= 2.2g3

📦

Netwin

Surgemail

= 3.0a

📦

Netwin

Surgemail

= 3.0c2

📦

Netwin

Surgemail

= 3.8f3

📦

Netwin

Surgemail

= 39a

📦

Netwin

Surgemail

= beta_39a

📦

Netwin

Webmail

<= 3.1s

References & Advisories

🔗 http://aluigi.altervista.org/adv/surgemailz-adv.txt

🔗 http://secunia.com/advisories/29105

🔗 http://secunia.com/advisories/29137

🔗 http://securityreason.com/securityalert/3705

🔗 http://www.securityfocus.com/archive/1/488741/100/0/threaded

🔗 http://www.securityfocus.com/bid/27990

🔗 http://www.securitytracker.com/id?1019500

🔗 http://www.vupen.com/english/advisories/2008/0678

Vulnerability Description

Affected Platforms (CPE)

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Surgemail

Webmail

References & Advisories

相關漏洞威脅