CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-9046

HIGH
7.3
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile11.03th
Published2017年5月21日
Last Modified2026年5月13日

Vulnerability Description

winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack.

Affected Platforms (CPE)

📦
Pmail

Pegasus

= 4.72

References & Advisories

🔗 https://packetstormsecurity.com/files/142606/Pegasus-4.72-Build-572-Remote-Code-Execution.html
🔗 https://packetstormsecurity.com/files/142606/Pegasus-4.72-Build-572-Remote-Code-Execution.html

相關漏洞威脅

CVE-2004-251310.0

Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SE...

CVE-2008-000310.0

Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus),...

CVE-2019-256879.8

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attacker...

CVE-2009-38389.3

Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service...